I have some more information:
after modifying libipt_nth.c to show the "counter" when doing an
iptables -t mangle -L command, I discovered that even though I have
been setting the counter, it treats all my rules (if you call them
that) as having a counter value of '0'.
I'm thinking this must be a bug with the 'nth' code. I'll try
researching this / reporting this to the netfilter.
-Joe
On 4/29/05, Joe Nuts <joenuts@gmail.com> wrote:
> Hi all, I need some guidance to get my problem fixed. I believe there
> is an issue with the 'nth' patch from the patch-o-matic, which is
> labeled as status 'works'.
> I have tunnels back and forth across the internet, using 'nth' to
> balance packets between different public networks (over the tunnels).
> I need to access some networks over two tunnels, and some networks over
> three tunnels. I can't get routing working correctly when combinations
> of two and three tunnels are involved.
> *now for the more technical explanation*
> Tunnel Server 1 (kernel 2.4.28, iptables 1.2.11 with nth and route)
> Network A is delivered over three tunnels to Tunnel Client A (works fine)
> Network B is delivered over three tunnels to Tunnel Client B (works fine)
>
> Tunnel Server 2 (kernel 2.6.11, iptables 1.3.1 with nth and route)
> Network C is delivered over two tunnels to Tunnel Client C (works fine)
> Network D is delivered over two tunnels to Tunnel Client D (works fine)
>
> when network C is moved to tunnel server 1, network A and B work
> fine, network C traffic gets excessive packet loss
> when network A is moved to tunnel server 2, network C and D get
> excessive packet loss, network A works fine.
>
> I'm using a different counter for each network, also, the mangle rule
> only applies to traffic destined for each network. I don't understand
> why one would be affecting the other, but it does.
>
> Here is my iptables -t mangle -L on tunnel server 2, before adding,
> and after adding.
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> ROUTE all -- anywhere (Network C) every 2th packet
> #0 ROUTE oif:AMC_TUN1 gw:172.16.0.38
> ROUTE all -- anywhere (Network C) every 2th packet
> #1 ROUTE oif:AMC_TUN2 gw:172.16.0.42
> ROUTE all -- anywhere (Network D) every 2th packet
> #0 ROUTE oif:TB_TUN1 gw:172.16.0.26
> ROUTE all -- anywhere (Network D) every 2th packet
> #1 ROUTE oif:TB_TUN2 gw:172.16.0.30
>
> iptables -t mangle -A POSTROUTING --destination (Network A) -m nth
> --counter 2 --every 3 --packet 0 -j ROUTE --oif ASI_TEST_TUN1 --gw
> 172.30.0.14
>
> iptables -t mangle -A POSTROUTING --destination (Network A) -m nth
> --counter 2 --every 3 --packet 1 -j ROUTE --oif ASI_TEST_TUN2 --gw
> 172.30.0.18
>
> iptables -t mangle -A POSTROUTING --destination (Network A) -m nth
> --counter 2 --every 3 --packet 2 -j ROUTE --oif ASI_TEST_TUN3 --gw
> 172.30.0.22
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> ROUTE all -- anywhere (Network C) every 2th packet
> #0 ROUTE oif:AMC_TUN1 gw:172.16.0.38
> ROUTE all -- anywhere (Network C) every 2th packet
> #1 ROUTE oif:AMC_TUN2 gw:172.16.0.42
> ROUTE all -- anywhere (Network D) every 2th packet
> #0 ROUTE oif:TB_TUN1 gw:172.16.0.26
> ROUTE all -- anywhere (Network D) every 2th packet
> #1 ROUTE oif:TB_TUN2 gw:172.16.0.30
> ROUTE all -- anywhere (Network A) every 3th packet
> #0 ROUTE oif:ASI_TEST_TUN1 gw:172.30.0.14
> ROUTE all -- anywhere (Network A) every 3th packet
> #1 ROUTE oif:ASI_TEST_TUN2 gw:172.30.0.18
> ROUTE all -- anywhere (Network A) every 3th packet
> #2 ROUTE oif:ASI_TEST_TUN3 gw:172.30.0.22
>
> If any more information is needed to help troubleshoot, please let me know.
> Thanks for any suggestions
> -Joe
>