Wan load balancing fails to work properly for PPPoE clients

I have two PPPoE exits from ISPs and one PPPoE server. I have done Wan load balancing at the two PPPoE exits to balance the traffic load from the intranet. When the intranet client is DHCP or static IP, Wan load balancing works normally, but when the intranet client is PPPoE client, Wan load balancing does not work.
This is my configuration

set interfaces bridge br0 description 'pppoe-lan'
set interfaces bridge br0 member interface eth2
set interfaces bridge br1 address '192.168.10.1/24'
set interfaces bridge br1 member interface eth3
set interfaces bridge br1 description 'dhcp-lan'
set interfaces ethernet eth2 description '>pppoe-lan'
set interfaces ethernet eth3 description '>dhcp-lan'

set interfaces pppoe pppoe0 authentication password 'test1'
set interfaces pppoe pppoe0 authentication user 'test1'
set interfaces pppoe pppoe0 description 'WAN1'
set interfaces pppoe pppoe0 remote-address '10.234.0.1'
set interfaces pppoe pppoe0 source-interface 'eth0'
set interfaces pppoe pppoe1 authentication password 'test2'
set interfaces pppoe pppoe1 authentication user 'test2'
set interfaces pppoe pppoe1 description 'WAN2'
set interfaces pppoe pppoe1 remote-address '10.235.0.1'
set interfaces pppoe pppoe1 source-interface 'eth1'

set load-balancing wan flush-connections
set load-balancing wan interface-health pppoe0 failure-count '3'
set load-balancing wan interface-health pppoe0 nexthop '10.234.0.1'
set load-balancing wan interface-health pppoe0 success-count '5'
set load-balancing wan interface-health pppoe0 test 0 resp-time '5'
set load-balancing wan interface-health pppoe0 test 0 target '223.5.5.5'
set load-balancing wan interface-health pppoe0 test 0 ttl-limit '1'
set load-balancing wan interface-health pppoe0 test 0 type 'ping'
set load-balancing wan interface-health pppoe1 failure-count '3'
set load-balancing wan interface-health pppoe1 nexthop '10.235.0.1'
set load-balancing wan interface-health pppoe1 success-count '5'
set load-balancing wan interface-health pppoe1 test 0 resp-time '5'
set load-balancing wan interface-health pppoe1 test 0 target '223.5.5.5'
set load-balancing wan interface-health pppoe1 test 0 ttl-limit '1'
set load-balancing wan interface-health pppoe1 test 0 type 'ping'
set load-balancing wan rule 1 inbound-interface 'br0'
set load-balancing wan rule 1 interface pppoe0 weight '1'
set load-balancing wan rule 1 interface pppoe1 weight '1'
set load-balancing wan rule 1 protocol 'all'
set load-balancing wan rule 2 inbound-interface 'br1'
set load-balancing wan rule 2 interface pppoe0 weight '1'
set load-balancing wan rule 2 interface pppoe1 weight '1'
set load-balancing wan rule 2 protocol 'all'
set load-balancing wan sticky-connections inbound

set nat source rule 1 outbound-interface 'pppoe0'
set nat source rule 1 translation address 'masquerade'
set nat source rule 2 outbound-interface 'pppoe1'
set nat source rule 2 translation address 'masquerade'

set protocols static route 0.0.0.0/0 next-hop 10.234.0.1 interface pppoe0
set protocols static route 0.0.0.0/0 next-hop 10.235.0.1 interface pppoe1

set service dhcp-server shared-network-name dhcp subnet 192.168.10.0/24 default-router '192.168.10.1'
set service dhcp-server shared-network-name dhcp subnet 192.168.10.0/24 dns-server '223.5.5.5'
set service dhcp-server shared-network-name dhcp subnet 192.168.10.0/24 lease '28800'
set service dhcp-server shared-network-name dhcp subnet 192.168.10.0/24 range 0 start '192.168.10.100'
set service dhcp-server shared-network-name dhcp subnet 192.168.10.0/24 range 0 stop '192.168.10.200'

set service pppoe-server access-concentrator 'pppoes'
set service pppoe-server authentication mode 'radius'
set service pppoe-server authentication radius dynamic-author key '408d7e79f84f'
set service pppoe-server authentication radius dynamic-author port '3799'
set service pppoe-server authentication radius dynamic-author server '172.27.0.11'
set service pppoe-server authentication radius nas-identifier 'vyos'
set service pppoe-server authentication radius rate-limit attribute 'Mikrotik-Rate-Limit'
set service pppoe-server authentication radius rate-limit enable
set service pppoe-server authentication radius rate-limit vendor 'Mikrotik'
set service pppoe-server authentication radius server 172.27.0.10 key '408d7e79f84f'
set service pppoe-server authentication radius server 172.27.0.10 port '1812'
set service pppoe-server client-ip-pool start '20.234.0.10'
set service pppoe-server client-ip-pool stop '20.234.255.254'
set service pppoe-server gateway-address '20.234.0.1'
set service pppoe-server interface br0
set service pppoe-server name-server '223.5.5.5'

This is the state of Wan load balancing

vyos@vyos# run show wan-load-balance
Interface:  pppoe0
  Status:  active
  Last Status Change:  Sat Apr 16 07:02:12 2022
  +Test:  ping  Target: 223.5.5.5
    Last Interface Success:  0s 
    Last Interface Failure:  9m7s       
    # Interface Failure(s):  0

Interface:  pppoe1
  Status:  active
  Last Status Change:  Sat Apr 16 07:02:12 2022
  +Test:  ping  Target: 223.5.5.5
    Last Interface Success:  0s 
    Last Interface Failure:  9m7s       
    # Interface Failure(s):  0

[edit]
vyos@vyos# run show wan-load-balance status
Chain WANLOADBALANCE_PRE (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   72 10386 ISP_pppoe0  all  --  br0    *       0.0.0.0/0            0.0.0.0/0            state NEW statistic mode random probability 0.50000000000
   71  8678 ISP_pppoe1  all  --  br0    *       0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 CONNMARK   all  --  br0    *       0.0.0.0/0            0.0.0.0/0            CONNMARK restore
 8487 1019K ISP_pppoe0  all  --  br1    *       0.0.0.0/0            0.0.0.0/0            state NEW statistic mode random probability 0.50000000000
 8480 1015K ISP_pppoe1  all  --  br1    *       0.0.0.0/0            0.0.0.0/0            state NEW
83172   14M CONNMARK   all  --  br1    *       0.0.0.0/0            0.0.0.0/0            CONNMARK restore
[edit]
vyos@vyos# 

To verify this, when I delete the default route, DHCP clients and static IP clients can still access the Internet through load balancing, while PPPoE clients cannot access the Internet.

vyos@vyos# show protocols static route | commands 
set route 0.0.0.0/0 next-hop 10.234.0.1 interface 'pppoe0'
set route 0.0.0.0/0 next-hop 10.235.0.1 interface 'pppoe1'
[edit]
vyos@vyos# run show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

S>* 0.0.0.0/0 [1/0] via 10.234.0.1, pppoe0 onlink, weight 1, 00:11:16
  *                 via 10.235.0.1, pppoe1 onlink, weight 1, 00:11:16
C>* 10.10.10.0/24 is directly connected, eth4, 00:12:18
C * 10.234.0.1/32 is directly connected, pppoe0, 00:11:17
C>* 10.235.0.1/32 is directly connected, pppoe1, 00:11:17
C>* 20.234.0.11/32 is directly connected, ppp2, 00:03:29
C>* 172.27.0.0/20 is directly connected, vtun10, 00:11:16
K>* 172.27.224.0/20 [0/101] via 172.27.0.1, vtun10, 00:11:10
C>* 192.168.10.0/24 is directly connected, br1, 00:12:19
[edit]
vyos@vyos# 
[edit]
vyos@vyos# delete protocols static route
[edit]
vyos@vyos# commit
[edit]
vyos@vyos# run show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

C>* 10.10.10.0/24 is directly connected, eth4, 00:12:44
C * 10.234.0.1/32 is directly connected, pppoe0, 00:11:43
C>* 10.235.0.1/32 is directly connected, pppoe1, 00:11:43
C>* 20.234.0.11/32 is directly connected, ppp2, 00:03:55
C>* 172.27.0.0/20 is directly connected, vtun10, 00:11:42
K>* 172.27.224.0/20 [0/101] via 172.27.0.1, vtun10, 00:11:36
C>* 192.168.10.0/24 is directly connected, br1, 00:12:45
[edit]
vyos@vyos# ping 8.8.8.8
ping: connect: Network is unreachable
[edit]
vyos@vyos# 

At this time, clients accessing the Internet through DHCP can still access the Internet, while clients accessing the Internet through PPPoE cannot connect to the Internet

How can I configure load balancing to run normally on PPPoE clients?

Hello @vhudie121,

Which version of VyOS are you using?

Hello, this is my vyos version information

vyos@vyos# run show version 

Version:          VyOS 1.4-rolling-202204100814
Release train:    sagitta

Built by:         autobuild@vyos.net
Built on:         Sun 10 Apr 2022 08:14 UTC
Build UUID:       6ecd39b4-5c0f-4ad0-be91-e4d5d06e0add
Build commit ID:  79dc790ff311c5

Architecture:     x86_64
Boot via:         installed image
System type:      VMware guest

Hardware vendor:  VMware, Inc.
Hardware model:   VMware Virtual Platform
Hardware S/N:     VMware-56 4d e3 6e 54 7d 69 74-67 51 d8 7e 19 ed 68 8e
Hardware UUID:    6ee34d56-7d54-7469-6751-d87e19ed688e

Copyright:        VyOS maintainers and contributors

@RyVolodya
I’m at vyos1 Version 3.0 tried, and the same result was obtained.

In addition, even if Wan load balancing cannot work, it can also play the effect of load balancing after configuring ECMP. Can this method replace WLB?

S>* 0.0.0.0/0 [1/0] via 10.234.0.1, pppoe0 onlink, weight 1, 00:11:16
  *                 via 10.235.0.1, pppoe1 onlink, weight 1, 00:11:16

There’s a known bug with WLB on latest version: T4352

If possible, please share output of:

sudo nft -a list table ip nat

@n.fort
Hello, this is the output of the command

vyos@vyos# sudo nft -a list table ip nat
table ip nat { # handle 30
        chain PREROUTING { # handle 1
                type nat hook prerouting priority dstnat; policy accept;
        }

        chain POSTROUTING { # handle 2
                type nat hook postrouting priority srcnat; policy accept;
                oifname "pppoe0" counter packets 6274 bytes 602136 masquerade comment "SRC-NAT-1" # handle 13
                oifname "pppoe1" counter packets 7102 bytes 658310 masquerade comment "SRC-NAT-2" # handle 14
        }

        chain VYOS_PRE_DNAT_HOOK { # handle 3
        }

        chain VYOS_PRE_SNAT_HOOK { # handle 4
                counter packets 0 bytes 0 jump WANLOADBALANCE # handle 28
        }

        chain WANLOADBALANCE { # handle 15
                ct mark 0xca counter packets 0 bytes 0 snat to 10.234.200.253 # handle 30
                ct mark 0xc9 counter packets 0 bytes 0 snat to 10.234.200.255 # handle 31
        }
}
[edit]
vyos@vyos# 

Thanks for the output. Definitely a bug on nat rules manipulation on latest 1.4 versions.
For that output, you can try next commands:

sudo nft insert rule ip nat POSTROUTING position 13 counter jump VYOS_PRE_SNAT_HOOK
sudo nft add rule ip nat VYOS_PRE_SNAT_HOOK  return

Let as know if with this workaround you get it working.
Bare in mind that rebooting, or modifications on nat rules, will remove the rules.

Sorry, I don’t know if there is something wrong with my operation or other reasons. I executed the command you gave. Now it looks like this:

[edit]
vyos@vyos# sudo nft -a list table ip nat   
table ip nat { # handle 30
        chain PREROUTING { # handle 1
                type nat hook prerouting priority dstnat; policy accept;
        }

        chain POSTROUTING { # handle 2
                type nat hook postrouting priority srcnat; policy accept;
                counter packets 889 bytes 64943 jump VYOS_PRE_SNAT_HOOK # handle 19
                oifname "pppoe0" counter packets 37 bytes 1978 masquerade comment "SRC-NAT-1" # handle 13
                oifname "pppoe1" counter packets 78 bytes 4787 masquerade comment "SRC-NAT-2" # handle 14
        }

        chain VYOS_PRE_DNAT_HOOK { # handle 3
        }

        chain VYOS_PRE_SNAT_HOOK { # handle 4
                counter packets 889 bytes 64943 jump WANLOADBALANCE # handle 16
                return # handle 20
        }

        chain WANLOADBALANCE { # handle 15
                ct mark 0xc9 counter packets 390 bytes 26744 snat to 10.234.200.255 # handle 17
                ct mark 0xca counter packets 389 bytes 30665 snat to 10.234.200.253 # handle 18
        }
}
[edit]
vyos@vyos# 

However, WLB still doesn’t work on the PPPoE client, and it still goes out from the default route

vyos@vyos# run show wan-load-balance status
Chain WANLOADBALANCE_PRE (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   84 17754 ISP_pppoe0  all  --  br0    *       0.0.0.0/0            0.0.0.0/0            state NEW statistic mode random probability 0.50000000000
   91 26029 ISP_pppoe1  all  --  br0    *       0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 CONNMARK   all  --  br0    *       0.0.0.0/0            0.0.0.0/0            CONNMARK restore
  748 79575 ISP_pppoe0  all  --  br1    *       0.0.0.0/0            0.0.0.0/0            state NEW statistic mode random probability 0.50000000000
  739 78753 ISP_pppoe1  all  --  br1    *       0.0.0.0/0            0.0.0.0/0            state NEW
 100K   53M CONNMARK   all  --  br1    *       0.0.0.0/0            0.0.0.0/0            CONNMARK restore

Sorry to bother you again. It’s worth mentioning that I’m in vyos1 Try the same configuration on 3. The “sudo NFT - a list table IP NAT” output seems to be OK, but it still can’t make the PPPoE client use load balancing

vyos@vyos# sudo nft -a list table ip nat          
table ip nat { # handle 8
        chain PREROUTING { # handle 1
                type nat hook prerouting priority dstnat; policy accept;
                counter packets 1020 bytes 119038 jump VYATTA_PRE_DNAT_HOOK # handle 7
        }

        chain INPUT { # handle 2
                type nat hook input priority 100; policy accept;
        }

        chain POSTROUTING { # handle 3
                type nat hook postrouting priority srcnat; policy accept;
                counter packets 250 bytes 16377 jump VYATTA_PRE_SNAT_HOOK # handle 10
                oifname "pppoe0" counter packets 157 bytes 8993 masquerade  comment "SRC-NAT-1" # handle 11
                oifname "pppoe1" counter packets 75 bytes 4148 masquerade  comment "SRC-NAT-2" # handle 12
        }

        chain OUTPUT { # handle 4
                type nat hook output priority -100; policy accept;
        }

        chain VYATTA_PRE_DNAT_HOOK { # handle 5
                counter packets 1020 bytes 119038 return # handle 6
        }

        chain VYATTA_PRE_SNAT_HOOK { # handle 8
                counter packets 7 bytes 778 jump WANLOADBALANCE # handle 20
                counter packets 250 bytes 16377 return # handle 9
        }

        chain WANLOADBALANCE { # handle 13
                ct mark 0xc9 counter packets 0 bytes 0 snat to 10.234.200.248 # handle 21
                ct mark 0xca counter packets 0 bytes 0 snat to 10.234.200.247 # handle 22
        }
}
[edit]
vyos@vyos# run show wan-load-balance status
Chain WANLOADBALANCE_PRE (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   18  4918 ISP_pppoe0  all  --  br0    *       0.0.0.0/0            0.0.0.0/0            state NEW statistic mode random probability 0.50000000000
   24  4026 ISP_pppoe1  all  --  br0    *       0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 CONNMARK   all  --  br0    *       0.0.0.0/0            0.0.0.0/0            CONNMARK restore
    0     0 ISP_pppoe0  all  --  br1    *       0.0.0.0/0            0.0.0.0/0            state NEW statistic mode random probability 0.50000000000
    0     0 ISP_pppoe1  all  --  br1    *       0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 CONNMARK   all  --  br1    *       0.0.0.0/0            0.0.0.0/0            CONNMARK restore
[edit]
vyos@vyos# run show version 

Version:          VyOS 1.3-rolling-202204161645
Release train:    equuleus

Built by:         j.randomhacker@vyos.io
Built on:         Sat 16 Apr 2022 16:45 UTC
Build UUID:       c20fdd04-463e-402f-9d7e-aaeda55fea8c
Build commit ID:  f9319421e547a9

Architecture:     x86_64
Boot via:         installed image
System type:      VMware guest

Hardware vendor:  VMware, Inc.
Hardware model:   VMware Virtual Platform
Hardware S/N:     VMware-56 4d d1 d4 cb 49 6b da-f2 d6 5a a9 3e cd 94 20
Hardware UUID:    d4d14d56-49cb-da6b-f2d6-5aa93ecd9420

Copyright:        VyOS maintainers and contributors
[edit]
vyos@vyos# 

Now it looks better the ip nat table, and we can see counter increased in WANLOADBALANCE chain.
If still not working on 1.4, maybe it’s related with this other bug: T4362.

It should be clarified that the increase of wanloadbalance count is caused by the DHCP client test of eth3 interface. If I clear the count and use the PPPoE client test of eth2 interface, wanloadbalance does not increase and the traffic is transmitted from the default route.

        chain WANLOADBALANCE { # handle 13
                ct mark 0xc9 counter packets 0 bytes 0 snat to 10.234.200.248 # handle 21
                ct mark 0xca counter packets 0 bytes 0 snat to 10.235.200.248 # handle 22
        }

Until I opened the DHCP client of eth2 interface, the count began to increase.

        chain WANLOADBALANCE { # handle 13
                ct mark 0xc9 counter packets 45 bytes 2548 snat to 10.234.200.248 # handle 21
                ct mark 0xca counter packets 40 bytes 2323 snat to 10.235.200.248 # handle 22
        }

From the following output information, everything is normal, so I wonder if the traffic from the PPPoE client source is not matched or marked for some reason

[edit]
vyos@vyos# run show wan-load-balance status
Chain WANLOADBALANCE_PRE (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1218  281K ISP_pppoe0  all  --  br0    *       0.0.0.0/0            0.0.0.0/0            state NEW statistic mode random probability 0.50000000000
 1238  285K ISP_pppoe1  all  --  br0    *       0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 CONNMARK   all  --  br0    *       0.0.0.0/0            0.0.0.0/0            CONNMARK restore
  150 24082 ISP_pppoe0  all  --  br1    *       0.0.0.0/0            0.0.0.0/0            state NEW statistic mode random probability 0.50000000000
  169 19204 ISP_pppoe1  all  --  br1    *       0.0.0.0/0            0.0.0.0/0            state NEW
 1332  249K CONNMARK   all  --  br1    *       0.0.0.0/0            0.0.0.0/0            CONNMARK restore
[edit]
vyos@vyos# sudo ip rule show               
0:      from all lookup local
32764:  from all fwmark 0xca lookup 202
32765:  from all fwmark 0xc9 lookup 201
32766:  from all lookup main
32767:  from all lookup default
[edit]
vyos@vyos# sudo ip route show table 201    
default via 10.234.0.1 dev pppoe0 
[edit]
vyos@vyos# sudo ip route show table 202
default via 10.235.0.1 dev pppoe1 
[edit]
vyos@vyos# sudo ip route show
default nhid 66 proto static metric 20 
        nexthop via 10.234.0.1 dev pppoe0 weight 1 onlink 
        nexthop via 10.235.0.1 dev pppoe1 weight 1 onlink 
10.10.10.0/24 dev eth4 proto kernel scope link src 10.10.10.234 
10.235.0.1 dev pppoe1 proto kernel scope link src 10.234.200.247 
10.234.0.1 dev pppoe0 proto kernel scope link src 10.234.200.248 
43.154.249.167 via 10.234.0.1 dev pppoe1 
172.27.0.0/20 dev vtun10 proto kernel scope link src 172.27.0.11 
172.27.224.0/20 via 172.27.0.1 dev vtun10 metric 101 
192.168.10.0/24 dev br1 proto kernel scope link src 192.168.10.1 
[edit]
vyos@vyos# 

Ok, I think i know where is the problem. Not able to do lab, but from your entries:

vyos@vyos# run show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

S>* 0.0.0.0/0 [1/0] via 10.234.0.1, pppoe0 onlink, weight 1, 00:11:16
  *                 via 10.235.0.1, pppoe1 onlink, weight 1, 00:11:16
C>* 10.10.10.0/24 is directly connected, eth4, 00:12:18
C * 10.234.0.1/32 is directly connected, pppoe0, 00:11:17
C>* 10.235.0.1/32 is directly connected, pppoe1, 00:11:17
C>* 20.234.0.11/32 is directly connected, ppp2, 00:03:29
C>* 172.27.0.0/20 is directly connected, vtun10, 00:11:16
K>* 172.27.224.0/20 [0/101] via 172.27.0.1, vtun10, 00:11:10
C>* 192.168.10.0/24 is directly connected, br1, 00:12:19
[edit]

From previous routing table, I can see entry for 20.234.0.11/32, which is directly connected to ppp2 (this would be a PPP Client).

And in wan load balancing config, you have:

set load-balancing wan rule 1 inbound-interface 'br0'

So, packets arriving from ppp client, in our example from ppp2, will not match load-balancing rule, which is expecting packets from br0.

Can’t replicate it now, but you can try:

set load-balancing wan rule 1 inbound-interface ppp+

This will generate rule in firewall and will match all pppX interfaces (for example ppp2). Be aware that this may lead to other problems, since your “WAN” interfaces are also ppp clients (pppoe0 and ppp0e1). You can add “source address” to the rule to avoid this possible inconvenient.
You can verify this configuration (and counters), prior and after changing it, in mangle table

sudo nft -a list table ip mangle
2 Likes

It’s really great. It’s for this reason. The problem has been solved perfectly according to your method

vyos@vyos# set load-balancing wan rule 1 inbound-interface ppp+
vyos@vyos# set load-balancing wan rule 1 source address 20.234.0.0/16

You can see that the traffic has been matched and the load is balanced normally

vyos@vyos# sudo nft -a list table ip mangle
...
        chain WANLOADBALANCE_PRE { # handle 98
                iifname "ppp*" ip saddr 20.234.0.0/16 ct state new  counter packets 498 bytes 43667 jump ISP_pppoe0 # handle 115
                iifname "ppp*" ip saddr 20.234.0.0/16 ct state new counter packets 485 bytes 50722 jump ISP_pppoe1 # handle 116
                iifname "ppp*" ip saddr 20.234.0.0/16 counter packets 155641 bytes 101026197 meta mark set ct mark # handle 117
                iifname "br1" ct state new  counter packets 0 bytes 0 jump ISP_pppoe0 # handle 118
                iifname "br1" ct state new counter packets 0 bytes 0 jump ISP_pppoe1 # handle 119
                iifname "br1" counter packets 0 bytes 0 meta mark set ct mark # handle 120
        }
...
vyos@vyos# run show wan-load-balance status
Chain WANLOADBALANCE_PRE (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  554 49725 ISP_pppoe0  all  --  ppp+   *       20.234.0.0/16        0.0.0.0/0            state NEW statistic mode random probability 0.50000000000
  535 56177 ISP_pppoe1  all  --  ppp+   *       20.234.0.0/16        0.0.0.0/0            state NEW
 156K  101M CONNMARK   all  --  ppp+   *       20.234.0.0/16        0.0.0.0/0            CONNMARK restore
    0     0 ISP_pppoe0  all  --  br1    *       0.0.0.0/0            0.0.0.0/0            state NEW statistic mode random probability 0.50000000000
    0     0 ISP_pppoe1  all  --  br1    *       0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 CONNMARK   all  --  br1    *       0.0.0.0/0            0.0.0.0/0            CONNMARK restore
[edit]

Thank you very much for helping me solve this problem that has bothered me for several days. Thank you very much!

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.