netdev.vger.kernel.org archive mirror
* Re: [Bugme-new] [Bug 8325] New: -j REDIRECT --to-ports 1000-1009, always first choosen
       [not found] <200704132053.l3DKrC9X000466@fire-2.osdl.org>
@ 2007-04-13 21:47 ` Andrew Morton
  2007-04-16  5:12   ` Patrick McHardy
  0 siblings, 1 reply; 6+ messages in thread
From: Andrew Morton @ 2007-04-13 21:47 UTC (permalink / raw)
  To: netdev; +Cc: bugme-daemon@kernel-bugs.osdl.org, wijata

On Fri, 13 Apr 2007 13:53:12 -0700
bugme-daemon@bugzilla.kernel.org wrote:

> http://bugzilla.kernel.org/show_bug.cgi?id=8325
> 
>            Summary: -j REDIRECT --to-ports 1000-1009, always first choosen
>     Kernel Version: 2.6.19-1.2911.fc6PAE 2.6.19-gentoo-r4
>             Status: NEW
>           Severity: normal
>              Owner: networking_netfilter-iptables@kernel-bugs.osdl.org
>          Submitter: wijata@nec-labs.com
> 
> 
> Most recent kernel where this bug did *NOT* occur:
> Distribution: FC6, gentoo
> Hardware Environment:
> Software Environment:
> Problem Description:
> 
> Steps to reproduce:
> Try redirecting to range of ports with iptables, kernel(?) will always redirect 
> to first port from given range.
> 


* Re: [Bugme-new] [Bug 8325] New: -j REDIRECT --to-ports 1000-1009, always first choosen
  2007-04-13 21:47 ` [Bugme-new] [Bug 8325] New: -j REDIRECT --to-ports 1000-1009, always first choosen Andrew Morton
@ 2007-04-16  5:12   ` Patrick McHardy
  2007-04-16  5:26     ` Denys
  0 siblings, 1 reply; 6+ messages in thread
From: Patrick McHardy @ 2007-04-16  5:12 UTC (permalink / raw)
  To: wijata; +Cc: Andrew Morton, netdev, bugme-daemon@kernel-bugs.osdl.org

Andrew Morton wrote:
> On Fri, 13 Apr 2007 13:53:12 -0700
> bugme-daemon@bugzilla.kernel.org wrote:
> 
> 
>>http://bugzilla.kernel.org/show_bug.cgi?id=8325
>>
>>           Summary: -j REDIRECT --to-ports 1000-1009, always first choosen
>>    Kernel Version: 2.6.19-1.2911.fc6PAE 2.6.19-gentoo-r4
>>            Status: NEW
>>          Severity: normal
>>             Owner: networking_netfilter-iptables@kernel-bugs.osdl.org
>>         Submitter: wijata@nec-labs.com
>>
>>
>>Most recent kernel where this bug did *NOT* occur:
>>Distribution: FC6, gentoo
>>Hardware Environment:
>>Software Environment:
>>Problem Description:
>>
>>Steps to reproduce:
>>Try redirecting to range of ports with iptables, kernel(?) will always redirect 
>>to first port from given range.


It will use a different port if there is a clash (a connection with the
same identity already exists). I'm guessing you're expecting that it
will use the ports in order. We might be able to change that, but I
don't really see a case where it would make sense. Please describe what
you're trying to do.



* Re: [Bugme-new] [Bug 8325] New: -j REDIRECT --to-ports 1000-1009, always first choosen
  2007-04-16  5:12   ` Patrick McHardy
@ 2007-04-16  5:26     ` Denys
  2007-04-16  5:30       ` Patrick McHardy
  0 siblings, 1 reply; 6+ messages in thread
From: Denys @ 2007-04-16  5:26 UTC (permalink / raw)
  To: Patrick McHardy, wijata
  Cc: Andrew Morton, netdev, bugme-daemon@kernel-bugs.osdl.org

Sorry, I will put my IMHO, since I am using it too.

I guess it can be useful for a load-balancing scenario.
Is there a way to provide both ways?
Thinking... 60% done, but maybe this can be done over -m statistic already

On Mon, 16 Apr 2007 07:12:33 +0200, Patrick McHardy wrote
> Andrew Morton wrote:
> > On Fri, 13 Apr 2007 13:53:12 -0700
> > bugme-daemon@bugzilla.kernel.org wrote:
> > 
> > 
> >>http://bugzilla.kernel.org/show_bug.cgi?id=8325
> >>
> >>           Summary: -j REDIRECT --to-ports 1000-1009, always first choosen
> >>    Kernel Version: 2.6.19-1.2911.fc6PAE 2.6.19-gentoo-r4
> >>            Status: NEW
> >>          Severity: normal
> >>             Owner: networking_netfilter-iptables@kernel-bugs.osdl.org
> >>         Submitter: wijata@nec-labs.com
> >>
> >>
> >>Most recent kernel where this bug did *NOT* occur:
> >>Distribution: FC6, gentoo
> >>Hardware Environment:
> >>Software Environment:
> >>Problem Description:
> >>
> >>Steps to reproduce:
> >>Try redirecting to range of ports with iptables, kernel(?) will always redirect
> >>to first port from given range.
> 
> It will use a different port if there is a clash (a connection with the
> same identity already exists). I'm guessing you're expecting that it
> will use the ports in order. We might be able to change that, but I
> don't really see a case where it would make sense. Please describe what
> you're trying to do.
> 


--
Denys Fedoryshchenko
Technical Manager
Virtual ISP S.A.L.



* Re: [Bugme-new] [Bug 8325] New: -j REDIRECT --to-ports 1000-1009, always first choosen
  2007-04-16  5:26     ` Denys
@ 2007-04-16  5:30       ` Patrick McHardy
  2007-04-16  5:45         ` Denys
  0 siblings, 1 reply; 6+ messages in thread
From: Patrick McHardy @ 2007-04-16  5:30 UTC (permalink / raw)
  To: Denys; +Cc: wijata, Andrew Morton, netdev, bugme-daemon@kernel-bugs.osdl.org

Denys wrote:
> Sorry, I will put my IMHO, since I am using it too.
> 
> I guess it can be useful for a load-balancing scenario.


That makes sense with using multiple IPs (and we support doing that),
but what's the point of load-balancing to different *ports*?

> Is there a way to provide both ways?
> Thinking... 60% done, but maybe this can be done over -m statistic already


2.6.21-rc supports randomized port selection (with iptables userspace
from SVN). Using the statistic match would work as well.


* Re: [Bugme-new] [Bug 8325] New: -j REDIRECT --to-ports 1000-1009, always first choosen
  2007-04-16  5:30       ` Patrick McHardy
@ 2007-04-16  5:45         ` Denys
  2007-04-16  5:52           ` Patrick McHardy
  0 siblings, 1 reply; 6+ messages in thread
From: Denys @ 2007-04-16  5:45 UTC (permalink / raw)
  To: Patrick McHardy
  Cc: wijata, Andrew Morton, netdev, bugme-daemon@kernel-bugs.osdl.org




On Mon, 16 Apr 2007 07:30:33 +0200, Patrick McHardy wrote
> Denys wrote:
> > Sorry, I will put my IMHO, since I am using it too.
> > 
> > I guess it can be useful for a load-balancing scenario.
> 
> That makes sense with using multiple IPs (and we support doing that),
> but what's the point of load-balancing to different *ports*?

Easy - for example I have my own TCP acceleration solution, which is using
REDIRECT, then getsockopt/SO_ORIGINAL_DST to get original IP, then forwarding
to compressed tunnel, stripping unneeded bytes (oh, my expensive satellite
bandwidth). This way for example I can do some kind of load-balancing for
satellite bandwidth. But I have done it over -m statistic.

> 
> > Is there a way to provide both ways?
> > Thinking... 60% done, but maybe this can be done over -m statistic already
> 
> 2.6.21-rc supports randomized port selection (with iptables userspace
> from SVN). Using the statistic match would work as well.


--
Denys Fedoryshchenko
Technical Manager
Virtual ISP S.A.L.



* Re: [Bugme-new] [Bug 8325] New: -j REDIRECT --to-ports 1000-1009, always first choosen
  2007-04-16  5:45         ` Denys
@ 2007-04-16  5:52           ` Patrick McHardy
  0 siblings, 0 replies; 6+ messages in thread
From: Patrick McHardy @ 2007-04-16  5:52 UTC (permalink / raw)
  To: Denys; +Cc: wijata, Andrew Morton, netdev, bugme-daemon@kernel-bugs.osdl.org

Denys wrote:
> On Mon, 16 Apr 2007 07:30:33 +0200, Patrick McHardy wrote
> 
>>That makes sense with using multiple IPs (and we support doing that),
>>but what's the point of load-balancing to different *ports*?
> 
> 
> Easy - for example I have my own TCP acceleration solution, which is using
> REDIRECT, then getsockopt/SO_ORIGINAL_DST to get original IP, then forwarding
> to compressed tunnel, stripping unneeded bytes (oh, my expensive satellite
> bandwidth). This way for example I can do some kind of load-balancing for
> satellite bandwidth.


That sounds rather hackish, you might as well do it in your application.

I just noticed we don't accept the random option for DNAT/REDIRECT yet,
but that is easily fixed (I'll queue a patch for 2.6.22). Then this
will work and select ports from the range randomly:

iptables -t nat -A INPUT .. -j REDIRECT --to-ports 1000:1010 --random

^ permalink raw reply	[flat|nested] 6+ messages in thread
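
The statistic-match alternative mentioned in the thread, as an added example that is not part of any message above: a shell function that prints (does not apply) rules spreading new connections evenly over the 1000-1009 range from the bug title. The PREROUTING chain, the `-p tcp --dport 80` selector and the function name are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Prints iptables commands only.

# gen_redirect_rules FIRST LAST [MATCH...]
# Emits one REDIRECT rule per port in FIRST..LAST, gated by "-m statistic
# --mode nth" so that each port receives an equal share of new connections.
gen_redirect_rules() {
    [ $# -ge 2 ] || { echo "usage: gen_redirect_rules FIRST LAST [MATCH...]" >&2; return 2; }
    first=$1
    last=$2
    shift 2
    match="$*"
    [ -n "$match" ] || match="-p tcp --dport 80"   # assumed traffic selector

    for p in "$first" "$last"; do
        case $p in
            ''|*[!0-9]*) echo "port '$p' is not a number" >&2; return 2 ;;
        esac
    done
    [ "$first" -ge 1 ] && [ "$last" -le 65535 ] && [ "$first" -le "$last" ] \
        || { echo "invalid port range $first-$last" >&2; return 2; }

    # Only the first packet of a connection traverses the nat table, so each
    # rule's nth counter counts connections. A rule sees only the connections
    # that earlier rules did not take, so with N ports the k-th rule (from 0)
    # must take 1 in (N - k), not 1 in N. The last rule takes the remainder.
    remaining=$((last - first + 1))
    port=$first
    while [ "$port" -le "$last" ]; do
        if [ "$remaining" -gt 1 ]; then
            stat="-m statistic --mode nth --every $remaining --packet 0 "
        else
            stat=""
        fi
        echo "iptables -t nat -A PREROUTING $match ${stat}-j REDIRECT --to-ports $port"
        port=$((port + 1))
        remaining=$((remaining - 1))
    done
}

# The range from the bug report: ten rules, --every 10 down to an
# unconditional rule for port 1009.
gen_redirect_rules 1000 1009
```

Using `--every 10` on every rule instead of the descending values would skew the distribution toward the last port, because later rules never see the connections already redirected by earlier ones.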
