From: Nguyen Dinh Nam <64vn@cardvn.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Load Balancer setting for Public Servers
Date: Thu, 17 Feb 2005 10:29:09 +0000 [thread overview]
Message-ID: <421471F5.6030602@cardvn.net> (raw)
In-Reply-To: <FHEJLKKJFOAHALHJLCJEMEKECDAA.sureerat.pha@eqho.com>
Not enough, my tutorial only discuss about CONNMARK outgoing NEW packets
in POSTROUTING, if you want to DNAT connections from internet to some
computers in your LAN, you must also CONNMARK incoming NEW packets in
PREROUTING too. I want to keep the tutorial short and simple so I don't
write about it, you can consult CONNMARK in PREROUTING in RoutesKeeper's
source code.
Lacking CONNMARK in PREROUTING, some of your SYN/ACK packets may be
DROPed by ISPs.
From kernel 2.6.10, CONNMARK is included already, you don't have to
patch anything.
Sureerat P. (EQHO) wrote:
>Hi all,
>
>Thank you for your kindly reply.
>
>So my next step should be as following:
>
>1. patch the kernel with patch-o-matic
>2. add more config with iptables+connmark as described in
>http://selab.edu.ms/twiki/bin/view/Networking/MultihomedLinuxNetworking
>
>Please you help me suggest whether my understanding is correct. Thank you.
>
>Best regards,
>
>Sureerat P.
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
next prev parent reply other threads:[~2005-02-17 10:29 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-02-16 3:34 [LARTC] Load Balancer setting for Public Servers Sureerat P. (EQHO)
2005-02-16 10:28 ` Nguyen Dinh Nam
2005-02-16 11:16 ` Sureerat P. (EQHO)
2005-02-16 12:28 ` Tóth Nándor
2005-02-16 15:44 ` Nguyen Dinh Nam
2005-02-17 0:17 ` Julian Anastasov
2005-02-17 7:28 ` Sureerat P. (EQHO)
2005-02-17 10:29 ` Nguyen Dinh Nam [this message]
2005-02-17 11:44 ` Julian Anastasov
2005-02-17 13:14 ` Sureerat P. (EQHO)
2005-02-18 7:14 ` Julian Anastasov
2005-02-18 7:47 ` Sureerat P. (EQHO)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=421471F5.6030602@cardvn.net \
--to=64vn@cardvn.net \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.