From mboxrd@z Thu Jan 1 00:00:00 1970
From: Nguyen Dinh Nam <64vn@cardvn.net>
Date: Thu, 17 Feb 2005 10:29:09 +0000
Subject: Re: [LARTC] Load Balancer setting for Public Servers
Message-Id: <421471F5.6030602@cardvn.net>
List-Id:
References:
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Not enough, my tutorial only discusses CONNMARK for outgoing NEW packets in
POSTROUTING. If you want to DNAT connections from the internet to some
computers in your LAN, you must also CONNMARK incoming NEW packets in
PREROUTING. I want to keep the tutorial short and simple, so I didn't write
about it; you can consult CONNMARK in PREROUTING in RoutesKeeper's source code.

Lacking CONNMARK in PREROUTING, some of your SYN/ACK packets may be DROPped by
ISPs.

From kernel 2.6.10, CONNMARK is already included; you don't have to patch
anything.

Sureerat P. (EQHO) wrote:

>Hi all,
>
>Thank you for your kind reply.
>
>So my next step should be as follows:
>
>1. patch the kernel with patch-o-matic
>2. add more config with iptables+connmark as described in
>http://selab.edu.ms/twiki/bin/view/Networking/MultihomedLinuxNetworking
>
>Please help me by suggesting whether my understanding is correct. Thank you.
>
>Best regards,
>
>Sureerat P.
>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
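
The rule pair the message above describes (CONNMARK on NEW packets in POSTROUTING, plus the PREROUTING rule needed for DNATed inbound connections), as an added example that is not taken from the tutorial, RoutesKeeper, or either poster. It prints the commands for a constructed two-uplink layout and checks a ruleset for uplinks that lack the PREROUTING mark. Interface names, mark values, table numbers and both function names are assumptions, and `-m conntrack --ctstate NEW` is used as the current form of the state match.

```shell
#!/bin/sh
# Added example. Interface names, marks and table numbers are constructed.
# Rules are printed one per line, never applied.

# gen_rules LAN_IF IF:MARK:TABLE...
gen_rules() {
    lan_if=$1; shift
    for uplink in "$@"; do
        ifc=${uplink%%:*}; rest=${uplink#*:}
        mark=${rest%%:*}; table=${rest#*:}
        # Outgoing NEW connections: remember which uplink they left through.
        echo "iptables -t mangle -A POSTROUTING -o $ifc -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark"
        # Incoming NEW connections (the ones DNATed to LAN hosts): remember
        # the uplink they arrived on.
        echo "iptables -t mangle -A PREROUTING -i $ifc -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark"
        # Packets carrying this mark are routed with the uplink's own table.
        echo "ip rule add fwmark $mark table $table"
    done
    # Packets coming from the LAN, including server replies: copy the
    # connection mark onto the packet before the routing decision.
    echo "iptables -t mangle -A PREROUTING -i $lan_if -j CONNMARK --restore-mark"
}

# uplinks_missing_prerouting RULES IF...
# Prints each uplink that has no PREROUTING CONNMARK --set-mark rule in RULES.
uplinks_missing_prerouting() {
    rules=$1; shift
    for ifc in "$@"; do
        printf '%s\n' "$rules" |
            grep -E -- "-A PREROUTING .*-i $ifc .*-j CONNMARK --set-mark" >/dev/null ||
            echo "$ifc"
    done
}
```

The routing tables named in the `ip rule` lines are assumed to already hold each uplink's default route.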