two router connected to the internet

two router connected to the internet

[rodolphe]

Hello,

i have two router connected to the internet and i want to send my tcp 
connection between them.

this is my iptables script :

############################################################################


iptables -t mangle -N INTERNET
iptables -t mangle -N INTERNET_ROUTER_1
iptables -t mangle -N INTERNET_ROUTER_2

#le paquet est t'il en direction d'internet
iptables -o eth2 -t mangle -A POSTROUTING -p tcp -d ! 10.0.0.0/8 -j 
INTERNET

iptables -t mangle -N INTERNET
iptables -t mangle -A INTERNET -j CONNMARK --restore-mark

# 50 % connection vers router 1
iptables -t mangle -A INTERNET -m mark --mark 0 -p TCP --tcp-flags ALL 
SYN -m random --average 50 -j MARK --set-mark 1
iptables -t mangle -A INTERNET -m mark --mark 1 -j CONNMARK --save-mark
iptables -t mangle -A INTERNET -m mark --mark 1 -j INTERNET_ROUTER_1

# le reste vers router 2
iptables -t mangle -A INTERNET -m mark --mark 0 -p TCP --tcp-flags ALL 
SYN -j MARK --set-mark 2
iptables -t mangle -A INTERNET -m mark --mark 2 -j CONNMARK --save-mark
iptables -t mangle -A INTERNET -m mark --mark 2 -j INTERNET_ROUTER_2

iptables -t mangle -A INTERNET -j RETURN

iptables -t mangle -A INTERNET_ROUTER_1 -j ROUTE --gw 10.0.2.200
iptables -t mangle -A INTERNET_ROUTER_2 -j ROUTE --gw 10.0.2.254
############################################################################



it seems that i have a problem with CONNTRACK marking, i don't retreive 
the mark to route correctly the packets.

My config is kernel 2.6.11.10 with iptables 1.3.1 and last pom.

Thanks for help

Re: two router connected to the internet

[Jan Engelhardt]

> Hello,
>
> i have two router connected to the internet and i want to send my tcp
> connection between them.

If I seen right, then there is a "multipath equal cost Round Robin" method in 
2.6.12-rc4 which does this at the routing level, so it would not require you 
to do at the netfilter level.


Jan Engelhardt
-- 

Re: two router connected to the internet

[rodolphe]

I don't want to do equal Round Robin, my isps hasn't got the same 
weight, and i have only one interface to connect to the router. I have 
found script on the net but for as many interfaces as routers. (I can't 
had an other interface it's an embedded system)



Jan Engelhardt a écrit :

>>Hello,
>>
>>i have two router connected to the internet and i want to send my tcp
>>connection between them.
>>    
>>
>
>If I seen right, then there is a "multipath equal cost Round Robin" method in 
>2.6.12-rc4 which does this at the routing level, so it would not require you 
>to do at the netfilter level.
>
>
>Jan Engelhardt
>  
>

Re: two router connected to the internet

[Jan Engelhardt]

> I don't want to do equal Round Robin, my isps hasn't got the same weight, and i
> have only one interface to connect to the router. I have found script on the
> net but for as many interfaces as routers. (I can't had an other interface it's
> an embedded system)

There's also a "weighted round robin" option ;-)



Jan Engelhardt
-- 

Re: two router connected to the internet

[rodolphe]

i try

ip route add default scope global nexthop via 10.0.2.200 weight 2 \
nexthop via 10.0.2.254  weight 1

and it seems to work

thank you very much Jan for help