From: Esteban <eribicic@sinectis.com>
To: fabrice@netfilter.org
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: [NEW TARGET] MARKCB connection marking balancing
Date: 03 Mar 2003 12:31:11 -0300 [thread overview]
Message-ID: <1046705471.2728.150.camel@debian> (raw)
In-Reply-To: <200303031653.47644.fabrice@netfilter.org>
what is that nth? i couldnt find in iptables man page.
where can i find more information?
thanks,
ps: is there any diference between using -j SNAT --to-source and -j
MASQUERADE? ive got static ip address on my internet connection?
cause ive got my internal network masqueraded and i try to use fwmarks
in preroutinng to route to another gw i have (iproute2)..and it works
(packets goes from internal to destination over the gw i choose) but
they dont come back because nat is not applyed and ofcourse, internal
packets are not routeable packets (10.0.0.0/24)..any idea? that would be
a smooth solution for balance traffic.
On Mon, 2003-03-03 at 05:53, Fabrice MARIE wrote:
>
> Dzien Dobre Maciek,
>
> On Monday 03 March 2003 09:25, Maciek Zobniow wrote:
> > Hi all!
> > This is my first message to this list and I want to annouce a first
> > version of my new netfilter module for connection tracking balancing.
> > First maybe I will try to describe what this target should do:
> > I made this as a solution for balancing connections from one LAN,
> > betewen a few providers links, but I think that is possible to find
> > another good usages for this target.
> > Idea is quite simply: each connection (yes, connection not packet) which
> > arrived to this target is marked. It recive one mark which is use for
> > marking all packets from this connection. Marks are sharing by choosen
> > algorithm (for now I implemented RR, WRR and special one- basing on
> > amout of data for each mark for last 1000 packets).
> > [...]
>
> Just out of curiosity, how different is that from using the nth match
> to do RR SNATting ?
>
> [
> i.e, Taken from the example section of the patch:
>
> iptables -t nat -A POSTROUTING -o eth0 -m nth --counter 7 --every 3 --packet 0 -j SNAT --to-source 10.0.0.5
> iptables -t nat -A POSTROUTING -o eth0 -m nth --counter 7 --every 3 --packet 1 -j SNAT --to-source 10.0.0.6
> iptables -t nat -A POSTROUTING -o eth0 -m nth --counter 7 --every 3 --packet 2 -j SNAT --to-source 10.0.0.7
>
> This example evenly splits connections between the three SNAT addresses.
> ]
>
> Using nth, we use the fact that only the first packet of connections need to be SNATed.
> This extension to the nth original patch was made by Richard. I haven't tried it myself yet though
> as I have only one ISP :-)
>
> Have a nice day,
>
> Fabrice.
> --
> Fabrice MARIE
>
> "Silly hacker, root is for administrators"
> -Unknown
>
>
next prev parent reply other threads:[~2003-03-03 15:31 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-03-03 1:25 [NEW TARGET] MARKCB connection marking balancing Maciek Zobniow
2003-03-03 8:53 ` Fabrice MARIE
2003-03-03 15:31 ` Esteban [this message]
2003-03-03 9:12 ` Patrick Schaaf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1046705471.2728.150.camel@debian \
--to=eribicic@sinectis.com \
--cc=fabrice@netfilter.org \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.