Here's my situation:

I've got an Intel machine running a 2.6.9 linux kernel and this box has 4 modems attached to it via a usb to serial port expander. In order to force data down each of the modems, some pretty simple rules are used and they are as follows:

iptables -t mangle -A OUTPUT -p tcp --dport $PORT1 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -p tcp --dport $PORT2 -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -p tcp --dport $PORT3 -j MARK --set-mark 3
iptables -t mangle -A OUTPUT -p tcp --dport $PORT4 -j MARK --set-mark 4

ip rule add fwmark 1 table isp1
ip rule add fwmark 2 table isp2
ip rule add fwmark 3 table isp3
ip rule add fwmark 4 table isp4

ip route add default via $GWIPADDR dev ppp0 table isp1
ip route add default via $GWIPADDR dev ppp1 table isp2
ip route add default via $GWIPADDR dev ppp2 table isp3
ip route add default via $GWIPADDR dev ppp3 table isp4

$PORT1 thru $PORT4 are unique and $GWIPADDR is the same for all 4 ppp links.

Using these rules, data going out of my Intel box is shaped nicely based on looking at the transmit columns in /proc/net/dev.

On the receive side, all of the traffic is coming down the only kernel default route, which is ppp0, and this is the problem.

Is there a way to use iptables to force answers for data going out a given ppp link to be returned using the same link?

Thanks in advance for your help!!

- Cal

cspadoni@cornerturn.com

On Tue, June 7, 2005 18:24, Cal Spadoni said:
> Here's my situation:
>
> I've got an Intel machine running a 2.6.9 linux kernel and this box has
> 4 modems attached to it via a usb to serial port expander. In order to
> force data down each of the modems, some pretty simple rules are used
> and they are as follows:
>
> iptables -t mangle -A OUTPUT -p tcp --dport $PORT1 -j MARK --set-mark 1
> iptables -t mangle -A OUTPUT -p tcp --dport $PORT2 -j MARK --set-mark 2
> iptables -t mangle -A OUTPUT -p tcp --dport $PORT3 -j MARK --set-mark 3
> iptables -t mangle -A OUTPUT -p tcp --dport $PORT4 -j MARK --set-mark 4
>
> ip rule add fwmark 1 table isp1
> ip rule add fwmark 2 table isp2
> ip rule add fwmark 3 table isp3
> ip rule add fwmark 4 table isp4
>
> ip route add default via $GWIPADDR dev ppp0 table isp1
> ip route add default via $GWIPADDR dev ppp1 table isp2
> ip route add default via $GWIPADDR dev ppp2 table isp3
> ip route add default via $GWIPADDR dev ppp3 table isp4
>
> $PORT1 thru $PORT4 are unique and $GWIPADDR is the same for all 4 ppp
> links.
>
> Using these rules, data going out of my Intel box is shaped nicely based
> on looking at the transmit columns in /proc/net/dev.
>
> On the receive side, all of the traffic is coming down the only kernel
> default route, which is ppp0, and this is the problem.
>
> Is there a way to use iptables to force answers for data going out a
> given ppp link to be returned using the same link?
>
> Thanks in advance for your help!!
>
> - Cal
>
> cspadoni@cornerturn.com
>

Perhaps ip_connmark is what you're looking for.

--
Regards,
Jon

Jon wrote:
>On Tue, June 7, 2005 18:24, Cal Spadoni said:
>
>>Here's my situation:
>>[Snip]
>>Is there a way to use iptables to force answers for data going out a
>>given ppp link to be returned using the same link?
>>
>>Thanks in advance for your help!!
>>
>>- Cal
>>
>>cspadoni@cornerturn.com
>
>Perhaps ip_connmark is what you're looking for.
>
>--
>Regards,
>Jon

Nah, the issue is sending out data from all 4 ppp interfaces with the same source ip, obviously the data is all going to be sent back to that one ip. The other end of the connections is sending down only 1 of the 4 ppp interfaces. If all 4 ppp interfaces truly do have the same ip, then nothing can be done locally, it has to be done on the other end of the 4 ppp interfaces.

However, if each of the 4 ppp interfaces does have a different ip, you could use some nat and load balancing, there's a rather helpful faq here:

http://lartc.org/howto/lartc.rpdb.multiple-links.html

Using that method, the source ip will be cycled between the 4 for new connections, attempting to keep them load balanced.

- Jody
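
Added example, not part of the original thread: a dry-run script that prints the per-link rules for the case Jody describes, where each ppp link has its own local address, and refuses when two links share one. The 192.0.2.x addresses, the gateway and the ports are constructed placeholders; the table names isp1..isp4 are taken from the original post.

```shell
#!/bin/sh
# Added example: prints (does not run) per-link policy-routing commands.
# Constructed sample values: 192.0.2.x addresses, gateway and ports are
# placeholders. Table names isp1..isp4 follow the original post.
GW=192.0.2.1
# One link per line: mark/table number, device, local address, TCP dest port
LINKS="1 ppp0 192.0.2.11 5001
2 ppp1 192.0.2.12 5002
3 ppp2 192.0.2.13 5003
4 ppp3 192.0.2.14 5004"

# Succeeds only if every address given is different. With a shared source
# address the far end cannot tell the links apart, so nothing local helps.
distinct_ips() {
    if printf '%s\n' "$@" | sort | uniq -d | grep -q .; then
        return 1
    fi
    return 0
}

# Print the commands for one link.
link_rules() {
    n=$1; dev=$2; ip=$3; port=$4; gw=$5
    # Port-based marking and routing table, as in the original post.
    echo "iptables -t mangle -A OUTPUT -p tcp --dport $port -j MARK --set-mark $n"
    echo "ip rule add fwmark $n table isp$n"
    echo "ip route add default via $gw dev $dev table isp$n"
    # Packets already carrying this link's address also leave by this link.
    echo "ip rule add from $ip table isp$n"
    # A local socket picks its source address before the mark reroutes the
    # packet, so rewrite it to this link's address; replies then return here.
    echo "iptables -t nat -A POSTROUTING -o $dev -j SNAT --to-source $ip"
}

# Print the full plan, or fail if two links share an address.
plan() {
    # Word splitting of the address list is intended here.
    if ! distinct_ips $(echo "$LINKS" | awk '{print $3}'); then
        echo "two links share a local address; fix this at the far end" >&2
        return 1
    fi
    echo "$LINKS" | while read -r n dev ip port; do
        link_rules "$n" "$dev" "$ip" "$port" "$GW"
    done
}

plan
```

When pppd assigns the local addresses dynamically, `-j MASQUERADE` in place of the SNAT target avoids hard-coding them.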