similar to: Re: split route and kernel panic

The LARTC howto correctly describes load balancing and split access for traffic from a machine with multiple ISP connections (http://www.lartc.org/lartc.html#LARTC.RPDB.MULTIPLE-LINKS) -- *provided* the traffic originates from the machine itself (i.e. traffic regularly handled by the INPUT and OUTPUT chains of iptables). When forwarding traffic from an attached local network, the following

Does anyone know if load balancing and DNAT work well together? I know that load balancing and NAT do not, but what about a simple port forward? I can''t apply Julian Anastasov''s patches, because they don''t work with PPTP patches. :/ Anyhow, a simple: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport xxx -j DNAT --to yyy:xxx iptables -I FORWARD -i eth0 -d yyy -p

lartc-request@mail man.ds9a.nl To: lartc@mailman.ds9a.nl Sent by: cc: lartc-bounces@mail Subject: LARTC Digest, Vol 20, Issue 13

-----Original Message----- From: Salim S I [mailto:salim.si@cipherium.com.tw] Sent: Thursday, May 10, 2007 5:22 PM To: ''Francis Brosnan Blazquez'' Subject: RE: [LARTC] Load balancing using connmark "I think the main advantage of shorewall solution is that it applies connmark to incoming packets from the wan as you point, leaving load balancing to outgoing connections to the

hi i recently searched in the mailinglist archive and found similar problems, whose solutions helped very much, thank you. i have the following scenario: a firewall with one lan interface eth0 10.1.1.1/24 and two uplink interfaces eth1 10.2.2.1/24 eth2 10.3.3.1/24 each uplink interface does SNAT: iptables -t nat -I POSTROUTING -o eth1 -j SNAT --to-source 10.2.2.1 iptables -t nat -I POSTROUTING

Assuming if I have rules matching the same packet, the one chosen is the lower preference value or the high ? For example # ip rule list .... 100 from 192.168.1.0/24 lookup main 200 from all fwmark 5 lookup first ..... Packet is matching both rules, the one with priority/preference 100 or 200 is selected ? _______________________________________________ LARTC mailing list /

On Tue, Jan 03, 2006 at 11:28:47AM +0100, <Alpt>: ~> On Sun, Dec 25, 2005 at 11:29:21AM +0100, <Alpt>: ~> ~> The multipath code creates new cached routes. Since ~> ~> after connect the socket is "connected", i.e. saddr and ~> ~> daddr are known and they are always provided when resolving ~> ~> route ~> ~> ~> ~> So, the connected

I have two adsl lines on my linux firewall box and i want to do some load balance between them...i tried a lot of different things, but it isn´t working...Following the instructions of http://lartc.org/howto/lartc.rpdb.multiple-links.html i used the configuration above. using "iptraf" I can see some few packets using the ppp1 connection, but almost all the packets use ppp0 connection.

Hi, this might be a dumb question, but I''m not finding much information online. I''m trying to setup a 2.6 linux box to run nat across multiple upstream links as a simple way to aggregate bandwidth. I found the instructions in lartc section 4.2 (http://lartc.org/howto/lartc.rpdb.multiple-links.html) fairly clear and straightforward. I implemented those, and a couple of trivial

Hi All, I have a linux router, configured with two internet connections and two lan segments. I''ve setup multipath routing as described in http://lartc.org/howto/lartc.rpdb.multiple-links.html My problem (I think) is that somehow the router will randomly choose incorrect routing paths for different hosts, for example: on my workstation (192.168.1.20), I ssh to a server I have on an

Hello all, I am having some difficults to make a routing rule work. I want that every P2P packages go to one interface (eth2 - cheaper link) nad the rest of the traffic go to another interface (eth0 - frame relay very expensive). I am using this script to make the mark and balance: ------- #!/bin/bash IPT="/usr/local/sbin/iptables" IP="/sbin/ip" #---- # Declara redes #----

I tried to implement a multi-homed box using this faq 4.2.1 split access http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html But it says table is invalid. Can someone tell me what the difference is in Centos? I assume the FAQ is leaving out how to add tables to the iproute files? I am trying to have eth0 and eth1 service two different subnets for apache and not act as a

I have tried using iptraf for my NAT firewall to analyse the IP traffic. Basically I am faced with this difficulty of related the source IP to the outgoing interface to the internet, so I am wondering if anyone has a suggestion for a different ways to do it, or a suggestion for a better tool. Details :- Supposed : eth0 - LAN eth1 - WAN1 eth2 - WAN2 And then

Hi, I''ve been implementing a load balancing solution using CONNMARK, based on solution described by Luciano Ruete at [1]. Gracias por el post y por apuntar en la dirección correcta Luciano! Once implemented, I''ve found that due to some reason packets aren''t properly marked (or improperly remarked) and sent out using the wrong interface. My topo setup is:

Hi, this is my first post to the list. I have googled a lot, and still cannot find a proper solution. I hope someone here will be able to shed some light on my doubts. I have set up a firewall using kernel 2.6.15 (Debian) that does NAT for 100 clients, and uses two different ISPs, using the howto found at http://lartc.org/howto/lartc.rpdb.multiple-links.html. I have *not*

Hi all I would like to know what happens with a dead router in a multipath configuration like the one presented http://lartc.org/howto/lartc.rpdb.multiple-links.html Do i need to monitor dead routers and reconfigure ? Guillermo

Hello all, I do not read C very well (especially kernel C). Though I have tried to muddle my way through an understanding of what''s going on in fib_hash.c, fib_rules.c, and route.c, I have not succeeded to my satisfaction, hence my post. I''m trying to document the general process of route selection, and have come up with the following overview. Could somebody point out any

What are the reasons that two NICs on the same computer are set to the same subnet? i.e. eth0 IP addresses is x.y.z.m and eth1 is x.y.z.n. Any websites describing these in details? http://lartc.org/lartc.html#LARTC.RPDB.MULTIPLE-LINKS "4.2. Routing for multiple uplinks/providers" have two cases (Split access and Load balancing) for two or more internet connections on the same computer

I have two T1s and I'd like to split my SIP traffic over the two. I am looking at this: http://lartc.org/howto/lartc.rpdb.multiple-links.html what bothers me about it is the note "Note that balancing will not be perfect, as it is route based, and routes are cached. This means that routes to often-used sites will always be over the same provider.". If all my traffic goes to the same

Hello all, I''m using iproute2 + ipchains and have a question about locally generated packets. I have noticed that I have no problem marking packets in the input chain from sources other than my router. These packets are marked and routed exactly as I expect. Now supposing I want to mark particular outbound packets which are locally generated. The only solution I have found so far