From mboxrd@z Thu Jan 1 00:00:00 1970
From: Vinod Chandran
Date: Wed, 31 May 2006 12:38:31 +0000
Subject: Re: [LARTC] Problems with Routing and Masquerading
Message-Id: <447D8B77.3060609@multitech.co.in>
List-Id:
References: <447C5773.3000608@multitech.co.in>
In-Reply-To: <447C5773.3000608@multitech.co.in>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hi,

Thanks Jason for the solution. With CONNMARK, I was able to route the
packets properly. Yeah, the problem was seen only for SSH sessions, I
did not see the problem with the Telnet and Ping sessions. TOS could be
the answer to that.

The only change I had to do as far as the CONNMARK solution goes was
that in the PREROUTING chain, I had to add the rule with "-i eth0" where
eth0 is my LAN, otherwise the return packets were not reaching the box
in LAN.

Thanks and Regards,
Vinod C

Raj Mathur wrote:

>>>>>>"Jason" = Jason Boxman writes:
>
>    Jason> Luciano Ruete wrote:
>    >> Besides that, you need to solve the problems that multipath
>    >> will arise, like TOS situation described above or route cache
>    >> expiration, that could made long term conns to be routed over a
>    >> new iface. The solutions i know are CONNMARK(kernel>=2.6.12)
>    >> and julian's patches[1]. Personally i prefer CONNMARK.
>
>    Jason> Could you elaborate a little more on the CONNMARK method?
>
>I second that motion -- not too clear on the interaction between SNAT,
>multiple interfaces, multiple default routes and CONNMARK. If someone
>could take out the time to make a complete example with (say) 2
>outgoing interfaces, I promise a small GPL script in exchange which
>would automate the whole process.
>
>Actually the script's already made, but it doesn't use CONNMARK and
>suffers from the problems Jason describes and as documented in:
>
>  http://mailman.ds9a.nl/pipermail/lartc/2006q1/018220.html
>
>Regards,
>
>-- Raju
>

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
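
One way to lay out the CONNMARK rules discussed in this thread for two masqueraded uplinks, with the mark restored only on the LAN interface. This is an added example, not part of the original message and not the script mentioned in it. Only eth0 as the LAN comes from the message: the uplink names, gateways (documentation address ranges), marks and table numbers are assumed placeholders, the main table is assumed to already hold the LAN route and the multipath default route, and only forwarded LAN traffic is covered.

```shell
#!/bin/sh
# Added example: prints (does not run) CONNMARK rules for two masqueraded uplinks.
# eth0 is the LAN as in the message; every other value is an assumed placeholder.
LAN_IF=eth0
UPLINKS="eth1:192.0.2.1:1:101 eth2:198.51.100.1:2:102"   # iface:gateway:mark:table

connmark_rules() {
    # Restore the connection mark only on packets entering from the LAN, so an
    # established flow keeps leaving through the uplink it started on. Packets
    # arriving on an uplink stay unmarked and are routed by the main table,
    # which is the one that holds the route back to the LAN.
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --restore-mark"
    for u in $UPLINKS; do
        # Split "iface:gateway:mark:table" into its four fields.
        old_ifs=$IFS; IFS=:; set -- $u; IFS=$old_ifs
        ifc=$1 gw=$2 mark=$3 table=$4
        # Connection opened from outside: pin it to the uplink it arrived on.
        echo "iptables -t mangle -A PREROUTING -i $ifc -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark"
        # Connection opened from the LAN: pin it to the uplink routing picked.
        echo "iptables -t mangle -A POSTROUTING -o $ifc -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark"
        # Source-NAT everything leaving through this uplink.
        echo "iptables -t nat -A POSTROUTING -o $ifc -j MASQUERADE"
        # Per-uplink table with a single default route, selected by fwmark.
        echo "ip route replace default via $gw dev $ifc table $table"
        echo "ip rule add fwmark $mark lookup $table"
    done
}

connmark_rules
```

Review the printed commands before piping them to `sh` as root on the router.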