From: Alpt <alpt-6BmP915+9Ldg9hUCZPvPmw@public.gmane.org>
To: Philip Craig <philipc-XXXsiaCtIV5Wk0Htik3J/w@public.gmane.org>
Cc: netfilter-wool9L35kiczKOhml7GhPkB+6BGkLq7r@public.gmane.org,
netsukuku-6BmP915+9Ldg9hUCZPvPmw@public.gmane.org
Subject: Re: Multiple inet gw and multipath
Date: Thu, 2 Mar 2006 03:38:28 +0100 [thread overview]
Message-ID: <20060302023828.GA14670@nihil> (raw)
In-Reply-To: <440532BA.40009-XXXsiaCtIV5Wk0Htik3J/w@public.gmane.org>
On Wed, Mar 01, 2006 at 03:35:54PM +1000, <Philip Craig>:
~> On 03/01/2006 02:55 PM, Alpt wrote:
~> > We have multiple gw. When a new connection is established through a gw,
~> > all the packets belonging to the same connection must be sent through the
~> > same gw.
~> > We cannot use the source routing method since all the IFs use the same IP,
~> > thus in order to accomplish this we have to:
~> > mark with the same id all the packets which belong to the same
~> > connection.
~> > Each connection has to have a different mark in order to go through
~> > different gateways.
~> It should work if you just mark the connection with the same mark
~> you use for the route tables. Some untested rules:
~> # Save the gateway in the connection mark for new outgoing connections
~> iptables -t mangle -A POSTROUTING -o eth0 -m conntrack --ctstate NEW -j CONNMARK --set-mark 0x4
~> iptables -t mangle -A POSTROUTING -o eth1 -m conntrack --ctstate NEW -j CONNMARK --set-mark 0x8
~> # Use the correct gateway for reply packets from local connections
~> iptables -t mangle -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
Thanks for your advice, it works.
Below are the rules and routes we used in the tests.
(I'm including them here because they might be useful to someone who reads
the archive of the ML in search of a solution to the same problem ;)
pc1:~/src# ip rule
0: from all lookup local
32764: from 10.198.117.159 fwmark 0x8 lookup 202
32765: from 10.198.117.159 fwmark 0x4 lookup 201
32766: from all lookup main
32767: from all lookup default
pc1:~/src#
pc1:~/src# ip route show table 201
default via 10.198.117.95 dev tunl0
pc1:~/src# ip route show table 202
default via 10.198.117.3 dev tunl1
pc1:~/src#
pc1:~/src# ip route
10.198.117.3 via 10.198.117.159 dev eth0 proto 15 scope link
10.198.117.95 via 10.198.117.159 dev eth1 proto 15 scope link
10.0.0.0/8 dev eth0 proto kernel scope link src 10.198.117.159
10.0.0.0/8 dev eth1 proto kernel scope link src 10.198.117.159
10.0.0.0/8 dev tunl0 proto kernel scope link src 10.198.117.159
10.0.0.0/8 dev tunl1 proto kernel scope link src 10.198.117.159
default equalize
	nexthop via 10.198.117.95 dev tunl0 weight 1
	nexthop via 10.198.117.3 dev tunl1 weight 1
pc1:~/src#
# later packets of an existing connection: copy the saved connection mark
# back onto the packet before routing, so the policy rule below matches
iptables -t mangle -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
# first packet of a new connection: remember which tunnel the multipath
# route chose by saving an interface-specific mark in the conntrack entry
iptables -t mangle -A POSTROUTING -o tunl0 -m conntrack --ctstate NEW -j CONNMARK --set-mark 0x4
iptables -t mangle -A POSTROUTING -o tunl1 -m conntrack --ctstate NEW -j CONNMARK --set-mark 0x8
# one routing table per gateway, selected by the restored mark
ip rule add from 10.198.117.159 fwmark 0x4 lookup 201
ip rule add from 10.198.117.159 fwmark 0x8 lookup 202
ip route add table 201 default via 10.198.117.95 dev tunl0
ip route add table 202 default via 10.198.117.3 dev tunl1
--
:wq!
"I don't know nothing" The One Who reached the Thinking Matter '.'
[ Alpt --- Freaknet Medialab ]
[ GPG Key ID 441CF0EE ]
[ Key fingerprint = 8B02 26E8 831A 7BB9 81A9 5277 BFF8 037E 441C F0EE ]
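The scheme the thread settles on (save a per-gateway mark in the conntrack entry when a connection's first packet leaves, restore it onto later packets, and let policy routing pin those packets to the same gateway) as one parameterised setup script. This is an added example, not code from the thread or from the netfilter project: the gateway table format, the SRC prefix, the DRY_RUN switch, the idempotence checks, the `show` subcommand and the PREROUTING restore rule for forwarded traffic are my assumptions and extensions beyond the posted rules; the addresses, marks and table numbers are copied from the post above.

```shell
#!/bin/sh
# Added example (not from the thread): sticky per-connection gateway
# selection with CONNMARK + policy routing, generalised to N gateways.
# Assumptions not in the original post: the gateway table below, SRC,
# DRY_RUN, the idempotence checks and the PREROUTING restore rule.
set -eu

SRC="${SRC:-10.198.117.159}"   # address or prefix the policy rules match on
DRY_RUN="${DRY_RUN:-0}"        # DRY_RUN=1 prints the commands instead of running them

# One gateway per line: "iface nexthop fwmark table" (values from the post)
GATEWAYS="tunl0 10.198.117.95 0x4 201
tunl1 10.198.117.3 0x8 202"

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Append a mangle rule only if an identical one is not already present,
# so re-running the script does not duplicate rules.
add_rule() {
    if [ "$DRY_RUN" = 1 ] || ! iptables -t mangle -C "$@" 2>/dev/null; then
        run iptables -t mangle -A "$@"
    fi
}

# Add a policy rule (mark -> table) only if it is not already present.
ensure_iprule() {
    if [ "$DRY_RUN" = 1 ] || ! ip rule show | grep -q "from $SRC fwmark $1 lookup $2\$"; then
        run ip rule add from "$SRC" fwmark "$1" lookup "$2"
    fi
}

apply() {
    # Locally generated packets of an existing connection: put the saved
    # connection mark back on the packet before routing (OUTPUT).
    add_rule OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
    # Forwarded packets (hosts behind this box) are routed after PREROUTING,
    # so they need the same restore there (addition beyond the posted rules).
    add_rule PREROUTING -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark

    printf '%s\n' "$GATEWAYS" | while read -r iface nexthop mark table; do
        # The first packet of a NEW connection has already been routed by the
        # multipath default route; record which interface it left through.
        add_rule POSTROUTING -o "$iface" -m conntrack --ctstate NEW -j CONNMARK --set-mark "$mark"
        # Packets carrying that mark use a table whose only route is that gateway.
        ensure_iprule "$mark" "$table"
        run ip route replace table "$table" default via "$nexthop" dev "$iface"
    done
    # Older kernels cached routing decisions; flush so the new rules take effect.
    run ip route flush cache
}

# Quick check: which rules/tables are installed and whether the mangle
# counters show NEW connections being marked and later packets restored.
show() {
    ip rule show
    printf '%s\n' "$GATEWAYS" | while read -r iface nexthop mark table; do
        printf 'table %s: ' "$table"; ip route show table "$table"
    done
    iptables -t mangle -L -v -n
}

case "${1:-}" in
    apply) apply ;;
    show)  show ;;
esac
```

Run `DRY_RUN=1 sh sticky-gw.sh apply` to review the commands, then as root without DRY_RUN to install them, and `sh sticky-gw.sh show` to confirm the counters move. Two things to keep in mind: `--restore-mark` on a connection that was never marked writes fwmark 0, so such packets simply fall through to the main table and its multipath default; and because the policy rules are qualified with `from $SRC`, forwarded traffic from other addresses is only pinned if SRC is widened to cover them (for instance `SRC=10.0.0.0/8`).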
Thread overview:
2006-02-28 23:06 Multiple inet gw and multipath   Gary W. Smith
2006-03-01  4:55   ` Alpt
2006-03-01  5:35     ` Philip Craig
2006-03-02  2:38       ` Alpt [this message]
2006-02-28 21:44 Alpt (loose match on Subject)