Simple
Here's a very simple iptables ruleset that masquerades everything. This one works for many simpler setups. It won't work if the box is working as a full-blown router — it has a potentially nasty habit of NATting all traffic that leaves your computer.
iptables -A POSTROUTING -o eth+ -t nat -j MASQUERADE
iptables -A POSTROUTING -o wlan+ -t nat -j MASQUERADE
Full
If the simple solution fails to work, or if your configuration is more complex, this ruleset might help:
NATIF='vboxnet+'
MARK=1
iptables -A PREROUTING -t mangle -i $NATIF -j MARK --set-mark $MARK
iptables -A POSTROUTING -o eth+ -t nat -m mark --mark $MARK -j MASQUERADE
iptables -A POSTROUTING -o wlan+ -t nat -m mark --mark $MARK -j MASQUERADE
It marks packets coming in through any vboxnet* interface, then, later, masquerades (SNAT) any packets going out of eth* or wlan* with the mark set.
Also…
In addition to the iptables rules, you'll need to turn your host computer into a router by enabling packet forwarding. Put:
net.ipv4.ip_forward=1
in /etc/sysctl.conf, then say
sudo sysctl -p /etc/sysctl.conf
Alternatively:
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
The guest must also have a default route that gateways packets through the host's external interfaces (and for this, chances are host-only mode just won't work). Check its routing table (this depends on the guest OS).
Also, install wireshark or tshark and use them to examine packets. There's no better way to solve generic networking issues like this one.
Personally, I'd suggest changing the guest to use bridged mode networking and making available to it both of the host's interfaces. Then it can connect on its own, using the DHCP service on your router to get a local address on its own. No NAT needed.
Best Answer
This is definitely feasible. Many of us were running mixed, load-balanced broadband configs for corporate years ago and they worked really well. Many probably still do!
You can do it in a number of ways, including using iptables rules and/or iproute2 (ip(8) command) to set up policy routing. The load balancing is not done at the packet level, but at the connection level. That is, all packets of a connection go out of one interface. Which interface this is depends on the routing policy. Without the co-operation of the first routers just beyond your own infrastructure, this is the only way you can do it. Remote computers have no way to tell that your two IP addresses actually belong to the same computer. In TCP, a connection is uniquely identified by a 4-tuple (Remote-IP, Remote-Port, Local-IP, Local-Port). If you send packets from different IPs, the remote server thinks they belong to two different connections and gets hopelessly confused.
Obviously, this sort of thing makes more sense in a corporate environment, or one with lots of users sharing a single connection. At work, we were combining a 256 kbps ADSL line with a 512 kbps cable line (yes, back then) and the whole thing worked remarkably well, with the added benefit of high availability.
For some actual practical help, here's one way of doing it with iproute2. It's meant for Debian, but it works on Ubuntu too, of course.