From: Nelson Castillo <nelsoneci@gmail.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Routing for multiple uplinks/providers problem.
Date: Thu, 28 Jul 2005 16:18:42 +0000
Message-ID: <2accc2ff050728091870b1bbfb@mail.gmail.com>
In-Reply-To: <marc-lartc-104638816125616@msgid-missing>
Hi John.
On 7/28/05, John McMonagle <johnm@advocap.org> wrote:
> Find that if I ping the same site from 2 computers it may work on one
> and fail on the other.
> Also was surprised that some time they are going out different
> interfaces at the same time.
Same symptoms I had.
> Have snat on both interfaces
When you SNAT incoming packets, you need to do something different
from what is in the HOWTO ([4]) because SNAT is done before the
routing decision (check the Kernel Packet Traveling Diagram [5]).
I had the same problem [1]. The solution is to use conntrack and mark
packets on arrival, and then route them back using the fwmark[2].
There's no need to tell you I had a hard time with this. There should
be a warning about this in the HOWTO (in this page [4]).
The proposed solution I quote in [2] worked for me for the
multiple uplink providers + SNAT problem.
It is (Using the same variables that are in the HOWTO [4]):
1) Mark packages on arrival:
iptables -t mangle -A PREROUTING -m conntrack --ctorigdst $IP1 -j MARK --set-mark=1
iptables -t mangle -A PREROUTING -m conntrack --ctorigdst $IP2 -j MARK --set-mark=2
And then use the mark to route the outgoing packages correctly.
ip rule add fwmark 1 table T1
ip rule add fwmark 2 table T2
Regards,
Nelson.-
PS: I solved my problem with IPVS and multiple uplink providers (see [3]).
[1] http://mailman.ds9a.nl/pipermail/lartc/2005q2/016171.html
[2] http://mailman.ds9a.nl/pipermail/lartc/2005q2/016441.html
[3] http://arhuaco.blogspot.com/2005/07/ipvs-and-conntrack.html
[4] http://lartc.org/howto/lartc.rpdb.multiple-links.html
[5] http://www.docum.org/docum.org/kptd/
--
Homepage : http://geocities.com/arhuaco
The first principle is that you must not fool yourself
and you are the easiest person to fool.
-- Richard Feynman.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
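Added example, not part of Nelson's message or of the HOWTO: a dry-run generator that prints, per uplink, the conntrack mark rule and fwmark rule from the message together with the per-table default route that the HOWTO [4] sets up. The addresses, the UPLINKS list and the function names are assumptions made for illustration; T1 and T2 must already be listed in /etc/iproute2/rt_tables.

```shell
#!/bin/sh
# Dry run: the commands are printed, not executed. Review the output,
# then pipe it to "sh" as root to apply it.

# Constructed sample uplinks (documentation address ranges), one per line:
#   mark  local-IP-on-uplink  gateway-of-uplink  routing-table
UPLINKS='1 192.0.2.10 192.0.2.1 T1
2 198.51.100.10 198.51.100.1 T2'

# Print the three commands one uplink needs.
uplink_rules() {
    mark=$1 ip=$2 gw=$3 table=$4
    # fwmark 0 means "unmarked", so it cannot identify an uplink.
    case $mark in
        ''|0|*[!0-9]*) echo "bad mark: $mark" >&2; return 1 ;;
    esac
    # Step 1 of the message: every packet of a connection whose ORIGINAL
    # destination was this uplink's address gets the uplink's mark.
    echo "iptables -t mangle -A PREROUTING -m conntrack --ctorigdst $ip -j MARK --set-mark $mark"
    # Step 2 of the message: marked packets are looked up in the uplink's table.
    echo "ip rule add fwmark $mark table $table"
    # From the HOWTO [4]: that table's default route leaves via the uplink.
    echo "ip route add default via $gw table $table"
}

# Print the commands for every uplink in UPLINKS; fail on a bad entry.
all_rules() {
    echo "$UPLINKS" | while read -r mark ip gw table; do
        uplink_rules "$mark" "$ip" "$gw" "$table" || exit 1
    done
}

all_rules
```

Running the printed commands twice adds duplicate rules; compare against "ip rule show" and "iptables -t mangle -S PREROUTING" before applying them again.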