[LARTC] Multipath routing + traffic separation problem.
Laurent LAVAUD
l.lavaud at auranext.com
Wed Apr 6 12:09:00 CEST 2005
Hello,
I have set up a multipath gateway.
The system is a Linux 2.4.29 kernel, iproute 20010824, iptables 1.2.11.
Here is the setup:
firewall:/# ip rule
0: from all lookup local
100: from all lookup main
152: from all fwmark 10 lookup wan1
153: from all fwmark 20 lookup wan2
201: from 213.223.96.121 lookup wan1
202: from 82.236.230.217 lookup wan2
1000: from all lookup away
Fw-cgarp:/etc/firegate# ip route ls table wan1
default via 213.223.96.122 dev eth0 src 213.223.96.121
prohibit default metric 1
Fw-cgarp:/etc/firegate# ip route ls table wan2
default via 82.236.230.254 dev eth3 src 82.236.230.217
prohibit default metric 1
Fw-cgarp:/etc/firegate# ip route ls table away
default
nexthop via 82.236.230.254 dev eth3 weight 1
nexthop via 213.223.96.122 dev eth0 weight 1
Fw-cgarp:/etc/firegate# iptables-save -t mangle
# Generated by iptables-save v1.2.11 on Wed Apr 6 11:57:06 2005
*mangle
:PREROUTING ACCEPT [3281:1066576]
:INPUT ACCEPT [411:32992]
:FORWARD ACCEPT [2870:1033584]
:OUTPUT ACCEPT [339:63745]
:POSTROUTING ACCEPT [3195:1096657]
-A PREROUTING -p tcp -m tcp --dport 25 -j MARK --set-mark 0xa
-A PREROUTING -p tcp -m mport --dports 80,443,21 -j MARK --set-mark 0x14
COMMIT
# Completed on Wed Apr 6 11:57:06 2005
So with this configuration all the HTTP, HTTPS and FTP traffic must be routed by the 'wan2' connection.
I have done several tests and it doesn't work. I have also added a realms mark to my routing rule, and with the "rtacct" command I saw that traffic was going through the correct rule, but HTTP traffic continues to be balanced between the two connections...
Does someone see the problem?
Thx in advance.
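A small model of the rule walk for the configuration above, added here as an example and not part of the original post: it applies the two MARK rules, then tries each `ip rule` entry in priority order until a table returns a route. Assumptions: the contents of the local and main tables and the LAN source address are constructed (the post does not show them), and `mark_base` is a hypothetical knob for whether the fwmark printed by `ip rule` is read as decimal or hexadecimal, which the post does not state.

```python
import ipaddress

# Rules from the `ip rule` output in the post: (priority, from, fwmark as printed, table)
RULES = [(0, None, None, "local"), (100, None, None, "main"),
         (152, None, "10", "wan1"), (153, None, "20", "wan2"),
         (201, "213.223.96.121", None, "wan1"),
         (202, "82.236.230.217", None, "wan2"), (1000, None, None, "away")]

# Routes as (prefix, metric, result). wan1/wan2/away are from the post.
# ASSUMPTION (constructed): local/main hold only host and connected routes, no default.
TABLES = {
    "local": [("213.223.96.121/32", 0, "local"), ("82.236.230.217/32", 0, "local")],
    "main": [("213.223.96.120/30", 0, "dev eth0"), ("82.236.230.0/24", 0, "dev eth3")],
    "wan1": [("0.0.0.0/0", 0, "via 213.223.96.122 dev eth0"), ("0.0.0.0/0", 1, "prohibit")],
    "wan2": [("0.0.0.0/0", 0, "via 82.236.230.254 dev eth3"), ("0.0.0.0/0", 1, "prohibit")],
    "away": [("0.0.0.0/0", 0, "multipath eth3+eth0")],
}

def mangle_mark(proto, dport):
    """The two PREROUTING MARK rules from the post."""
    if proto == "tcp" and dport == 25:
        return 0xA
    if proto == "tcp" and dport in (80, 443, 21):
        return 0x14
    return 0

def lookup(routes, dst):
    """Longest prefix first, then lowest metric; None when nothing matches."""
    hits = [(-ipaddress.ip_network(p).prefixlen, m, r) for p, m, r in routes
            if dst in ipaddress.ip_network(p)]
    return min(hits)[2] if hits else None

def route(src, dst, proto, dport, mark_base=10, tables=TABLES):
    """Walk the rules in priority order; the first table that yields a route wins."""
    mark, dst = mangle_mark(proto, dport), ipaddress.ip_address(dst)
    for prio, rsrc, rmark, table in RULES:
        if rsrc is not None and rsrc != src:
            continue  # 'from' selector does not match this packet
        if rmark is not None and int(rmark, mark_base) != mark:
            continue  # fwmark selector does not match this packet
        result = lookup(tables[table], dst)
        if result is not None:
            return prio, table, result
    return None
```

Under these assumptions, web traffic reaches rule 153 only if the mark in the rule and the mark set by iptables are the same number and no earlier table (here main, at priority 100) already holds a matching route; otherwise it falls through to the multipath table.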