All of lore.kernel.org
 help / color / mirror / Atom feed
From: Nguyen Dinh Nam <64vn@cardvn.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Multipath routing + traffic separation problem.
Date: Thu, 07 Apr 2005 00:54:41 +0000	[thread overview]
Message-ID: <1112835281.30643.8.camel@nam> (raw)
In-Reply-To: <A1CC5A75EEC17148A15188C6C11EF27F069202@dc-mail.auranext.int>


[-- Attachment #1.1: Type: text/plain, Size: 2386 bytes --]

Your settings seem to be correct, I just don't know why you don't want
to balance http, https and ftp traffic between both connections? 

About the bug, I haven't used linux 2.4 for a long time, for 2.6, fwmark
is in hexa, so be careful with 10 vs. 0xa, you'd better use values less
than 0xa to avoid confusing.

Also make sure that no default route is added to your main table.


On Wed, 2005-04-06 at 12:09 +0200, Laurent LAVAUD wrote:

> Hello,
> 
> I have set up a multipath gateway.
> System is a linux 2.4.29 kernel, iproute 20010824, iptables 1.2.11.
> 
> here is the setup:
> 
> 
> firewall:/# ip rule
> 0:      from all lookup local 
> 100:    from all lookup main 
> 152:    from all fwmark       10 lookup wan1 
> 153:    from all fwmark       20 lookup wan2 
> 201:    from 213.223.96.121 lookup wan1 
> 202:    from 82.236.230.217 lookup wan2 
> 1000:   from all lookup away 
> 
> Fw-cgarp:/etc/firegate# ip route ls table wan1
> default via 213.223.96.122 dev eth0  src 213.223.96.121 
> prohibit default  metric 1 
> 
> Fw-cgarp:/etc/firegate# ip route ls table wan2
> default via 82.236.230.254 dev eth3  src 82.236.230.217 
> prohibit default  metric 1 
> 
> Fw-cgarp:/etc/firegate# ip route ls table away
> default 
>   nexthop via 82.236.230.254  dev eth3 weight 1
>   nexthop via 213.223.96.122  dev eth0 weight 1
> 
> Fw-cgarp:/etc/firegate# iptables-save -t mangle
> # Generated by iptables-save v1.2.11 on Wed Apr  6 11:57:06 2005
> *mangle
> :PREROUTING ACCEPT [3281:1066576]
> :INPUT ACCEPT [411:32992]
> :FORWARD ACCEPT [2870:1033584]
> :OUTPUT ACCEPT [339:63745]
> :POSTROUTING ACCEPT [3195:1096657]
> -A PREROUTING -p tcp -m tcp --dport 25 -j MARK --set-mark 0xa 
> -A PREROUTING -p tcp -m mport --dports 80,443,21 -j MARK --set-mark 0x14 
> COMMIT
> # Completed on Wed Apr  6 11:57:06 2005
> 
> 
> 
> So with this configuration all the http,https and ftp traffic must be routed by the 'wan2' connection.
> I have done severals tests and it dont work, i have also had a realms mark to my routing rule and with the "rtacct" command i saw that traffic going through the correct rule, but http traffic continues to be balanced between the two connections...
> 
> If someone see the problem ?
> Thx in advance.
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[-- Attachment #1.2: Type: text/html, Size: 3922 bytes --]

[-- Attachment #2: Type: text/plain, Size: 143 bytes --]

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

  reply	other threads:[~2005-04-07  0:54 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-04-06 10:09 [LARTC] Multipath routing + traffic separation problem Laurent LAVAUD
2005-04-07  0:54 ` Nguyen Dinh Nam [this message]
2005-04-07  7:47 ` RE : " Laurent LAVAUD

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1112835281.30643.8.camel@nam \
    --to=64vn@cardvn.net \
    --cc=lartc@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.