Nelson Castillo
2005-Jun-20 16:42 UTC
routing for multiple uplinks + DNAT (LVS in my case)
Hi.

Contents:
1) Introduction
2) 2 Questions

* Introduction:

I used this HOWTO to use multiple providers.

http://lartc.org/howto/lartc.rpdb.multiple-links.html

The box is a load balancer, using the Linux Virtual Server. We have a problem with lost connections, and it seems you get issues when you combine this setup with DNAT [1].

The proposed solution [1] is to use these rules to mark packages with the conntrack module ... so I guess you mark all the packages that belong to the connection when it's established (and every package before they get DNATted).

  # iptables -t mangle -A PREROUTING -m conntrack --ctorigdst $IP1 -j MARK --set-mark=1
  # iptables -t mangle -A PREROUTING -m conntrack --ctorigdst $IP2 -j MARK --set-mark=2

And then use the mark to route the outgoing packages correctly.

  # ip rule add fwmark 1 table T1
  # ip rule add fwmark 2 table T2

[1] (Spanish) http://bulma.net/body.phtml?nIdNoticia=2145&nIdPage=last

* Questions

- Has anybody in this list experienced similar problems?

- I haven't tried this solution but I will today. I'd like to know if there's a way to solve this problem without using fwmark. I'm using fwmarks already to ease the configuration of keepalived and I'll need to find a workaround to another problem if I have to use fwmarks. It is: I have 2 redundant routers and I use heartbeat to set up the real (internet) IPs.

http://cgi.afc.no-ip.info/svnwiki.cgi/default/Keepalived%20with%20fwmark%20and%20no%20VIP

Regards,
Nelson.-

BTW: There should be a warning in the HOWTO for this DNAT issue, since this setup is fairly common (I guess).

--
Homepage : http://geocities.com/arhuaco
The first principle is that you must not fool yourself and you are the easiest person to fool. -- Richard Feynman.
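The script below is an added example, not code from the post, the LARTC HOWTO or the linked article. It wires the two mangle rules and two ip rules quoted in the post into a complete two-uplink setup: a routing table per provider, conntrack-based marking of every packet of a connection by its original destination (which is what makes replies from DNATed real servers leave through the uplink they arrived on), and fwmark rules that select the table. All addresses, interface names, table numbers and mark values are assumed placeholders. It goes slightly beyond the post in one respect: the routing marks are confined to one byte of the fwmark with a mask (MARK --set-mark value/mask and ip rule fwmark mark/mask, which assume an iptables and iproute2 recent enough to support masks), so they can coexist with marks used for other purposes, such as the keepalived marks the post mentions. DRY_RUN=1 prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example: two-uplink policy routing with conntrack-based marks.
# Not the poster's or the HOWTO's own script; every value below is an
# assumed placeholder (RFC 5737 documentation addresses).
set -eu

# --- Assumed topology (constructed; adjust to your network) ---
IF1=eth0; IP1=198.51.100.10; GW1=198.51.100.1; NET1=198.51.100.0/24
IF2=eth1; IP2=203.0.113.10;  GW2=203.0.113.1;  NET2=203.0.113.0/24

# Routing marks live in bits 16-23 of the fwmark so they do not collide
# with marks set for other purposes (e.g. keepalived virtual services).
ROUTE_MASK=0xff0000
MARK1=0x10000
MARK2=0x20000
T1=101; T2=102          # routing table numbers, assumed unused

# DRY_RUN=1 prints each command instead of executing it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

setup_tables() {
    # One table per provider: the link route plus a default via that gateway.
    run ip route add "$NET1" dev "$IF1" src "$IP1" table "$T1"
    run ip route add default via "$GW1" dev "$IF1" table "$T1"
    run ip route add "$NET2" dev "$IF2" src "$IP2" table "$T2"
    run ip route add default via "$GW2" dev "$IF2" table "$T2"
}

setup_marks() {
    # --ctorigdst matches the ORIGINAL destination of the connection for
    # every packet of that connection, in both directions. Replies coming
    # back from the real servers (after DNAT/LVS) therefore get the same
    # mark as the request that created the conntrack entry.
    run iptables -t mangle -A PREROUTING -m conntrack --ctorigdst "$IP1" \
        -j MARK --set-mark "$MARK1/$ROUTE_MASK"
    run iptables -t mangle -A PREROUTING -m conntrack --ctorigdst "$IP2" \
        -j MARK --set-mark "$MARK2/$ROUTE_MASK"
}

setup_rules() {
    # Select the provider table by mark; the mask ignores other mark bits.
    run ip rule add fwmark "$MARK1/$ROUTE_MASK" table "$T1"
    run ip rule add fwmark "$MARK2/$ROUTE_MASK" table "$T2"
    # Source-address fallback for traffic the router originates itself.
    run ip rule add from "$IP1" table "$T1"
    run ip rule add from "$IP2" table "$T2"
    run ip route flush cache
}

teardown() {
    # Undo in reverse order; errors are ignored so a partial setup can be cleaned.
    run ip rule del fwmark "$MARK1/$ROUTE_MASK" table "$T1" || true
    run ip rule del fwmark "$MARK2/$ROUTE_MASK" table "$T2" || true
    run ip rule del from "$IP1" table "$T1" || true
    run ip rule del from "$IP2" table "$T2" || true
    run iptables -t mangle -D PREROUTING -m conntrack --ctorigdst "$IP1" \
        -j MARK --set-mark "$MARK1/$ROUTE_MASK" || true
    run iptables -t mangle -D PREROUTING -m conntrack --ctorigdst "$IP2" \
        -j MARK --set-mark "$MARK2/$ROUTE_MASK" || true
    run ip route flush table "$T1" || true
    run ip route flush table "$T2" || true
}

main() {
    setup_tables
    setup_marks
    setup_rules
}

case "${1:-}" in
    apply) DRY_RUN=0 main ;;
    show)  DRY_RUN=1 main ;;
    down)  teardown ;;
    *)     : ;;   # no verb: only define the functions (safe to source)
esac
```

Use `sh uplinks.sh show` to review the generated commands and `sh uplinks.sh apply` as root to install them; `ip rule show` and `iptables -t mangle -L PREROUTING -nv` then show the rules and their packet counters, and `conntrack -L` (where conntrack-tools is installed) shows which original destination each tracked connection has.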