This is definitely feasible. Many of us were running mixed, load-balanced broadband configs for corporate years ago and they worked really well. Many probably still do!
You can do it in a number of ways, including using iptables
rules and/or iproute2
(ip(8)
command) to setup policy routing.
The load balancing is not done at the packet level, but at the connection level. That is, all packets of a connection go out of one interface. Which interface this is depends on the routing policy. Without the co-operation of your the first routers just beyond your own infrastructure, this is the only way you can do it. Remote computers have no way to tell that your two IP addresses actually belong to the same computer. In TCP, a connection is uniquely identified by a 4-tuple (Remote-IP, Remote-Port, Local-IP, Local-Port). If you send packets from different IPs, the remote server thinks they belong to two different connections and gets hopelessly confused.
Obviously, this sort of thing makes more sense in a corporate environment, or one with lots of users sharing a single connection. At work, we were combining a 256 kbps ADSL line with a 512 kbps cable line (yes, back then) and the whole thing worked remarkably well, with the added benefit of high availability.
For some actual practical help, here's one way of doing it with iproute2
. It's meant for Debian, but it works on Ubuntu too, of course.
Your issue is mainly the route configuration of the hosts. I assume your current setup is as follow:
- enp1s0 interface has ip address 192.168.1.1/24
- enp3s0 interface has ip address 192.168.176.1/24
For hosts between the two IP network to communicate, they need a dedicated entry in their routing table.
- The hosts on 192.168.1.0/24 that need to access the IP camera need to know that 192.168.1.1 is the router for 192.168.176.0/24.
- The hosts on 192.168.176.0/24 need a route to 192.168.1.0/24.
Now I assume that the static/DHCP configuration for the IP cameras is to route default traffic through 192.168.176.1, so they know where to send packets for the PCs. But the PCs on 192.168.1.0/24 have only one default entry the internet router. So any packet to 192.168.176.0/24 get sent there and lost.
You can either
- configure your DHCP router on 192.168.1.0/24 to advertise a static route to 192.168.176.0/24 via 192.168.1.1 with the "classless static route" option
- add manually 192.168.1.1 as a gateway to 192.168.176.0/24 on the PCs
You will also need to flush your iptables rules. The POSTROUTING rule will mess up the routing and the FORWARD rule is useless (unless you have a DROP policy).
iptables -t nat -F POSTROUTING
iptables -F FORWARD
Your cameras could see the PCs because they were configured with a default gateway of 192.168.176.1 and the nat POSTROUTING entry. For example if IP camera 192.168.176.10 sends a packet to PC 192.168.1.20, the packet will first be sent to 192.168.176.1 (enp3s0) the default gateway. The Ubuntu PC will forward the packet to enp1s0, rewriting the sender's address as its own, 192.168.1.1. When 192.168.1.20 replies the packet, it sends it back to the substituted address, 192.168.1.1. When the Ubuntu PC receives it, it knows it is a reply to the IP camera 192.168.176.10. So it rewrites the destination address to 192.168.176.10 and fowards it through enp3s0.
Now you don't want to mess packets with NAT, you just need IP routing. In the preceding example, the PC sees the camera IP address as 192.168.1.1, as it was substituted by the Ubuntu PC. Once you have set correct routes,
- in a connection initiated by the PC to the camera, the PC will see the camera IP address as 192.168.176.10.
- in a connection initiated by the camera to the PC, the PC will still see the camera IP address as 192.168.1.1 (NAT'ed address)
For simple IP devices, the second is unlikely to matter. But that could lead to buggy behaviour. As an example, if you had a managed switch and you wanted to use SNMP traps. You should delete the iptables -t nat -A POSTROUTING -j MASQUERADE
rule.
One issue that will arise: Do you want your IP cameras to access the internet? If not, I would include an iptables FORWARD route to deny packets from 192.168.176.0/24 going anywhere except 192.168.1.0/24. If you wish to grant access, you will need to configure your router with a static route to 192.168.176.0/24.
Best Answer
You can use Network Manager with a static IP address.
If you want a system-wide setting, you can use
/etc/network/interfaces
for a wireless adapter. The only difference with a wired adapter is that you'll need extra settings for the encryption (unless your wifi network is unencrypted).For WPA (any supported variant), use wpa-supplicant Install wpasupplicant http://bit.ly/software-small.
The
wpa-
parameters are those you could put in a block inwpa_supplicant.conf
, withwpa-
prefixed.For WEP, the wireless-tools Install wpasupplicant http://bit.ly/software-small package has all you need. Instead of the
wpa-
settings, putwireless-
settings, e.g.