Spreading WAN load

If you have multiple connections to the Internet, you'll want to use all of them. This is usually accomplished by a router, choosing which traffic is sent over which link.

Basic router setup
Please first refer to the official documentation on setting up a home router for the basic setup. Make sure to select the CONNMARK and MARK target support, as well as the "connmark" and "statistic" match support in the kernel configuration. Also make sure that "IP:advanced router" and "IP: policy routing" is built into the kernel under Networking-->Networking support-->Networking options.

Once you have a working router, setup your other WAN connections. In this guide, it is assumed you'll be using two WAN connections.

Configure iptables
For the iptables modification we are going to add 3 chains in the mangle table: one to restore the mark on ESTABLISHED and RELATED connections and one for each WAN interface.

Create the new chains:

Now add RESTORE chain details:

Add packet marking details for each WAN interface you have:

Restore the mark if the connection already has a mark

Here's where the magic happens. This setups the marking decision logic. Here, we chose a round-robin type, but statistical weights could also be used.

Add another masquerade for the second WAN (replacing ppp1 with the second WAN interface):

Because it is not clear which packet will travel which route, don't forget to disable reverse path filtering in.

Execute the following to enable the filters:

Adding the actual routing decision
The packet that will be routed onto the different connections has been marked, the NATting has been set up and all that remains is to do the actual routing. Start off by adding two routing tables in. Under custom routes, add:

Next, add the interfaces to the routes (replacing ppp0 and ppp1 with the relevant WAN interfaces):

Now that the routes are linked to the interfaces, you'll want to direct all packets marked with a 1 in iptables to one route and all packets marked with a 2 towards the other route. To do this, first delete any routing already present, and then add the new routes.

Checking the configuration
To check if everything is working properly, use a tool such as iptraf or tcpdump or wireshark. It is important to setup one connection as the default connection so that all outgoing packet from the box can be routed.