[LARTC] Multipath routing + traffic separation problem.

Nguyen Dinh Nam 64vn at cardvn.net
Thu Apr 7 02:54:41 CEST 2005


Your settings seem to be correct, I just don't know why you don't want
to balance http, https and ftp traffic between both connections? 

About the bug, I haven't used Linux 2.4 for a long time. For 2.6, fwmark
is in hexadecimal, so be careful with 10 vs. 0xa; you'd better use values
less than 0xa to avoid confusion.

Also make sure that no default route is added to your main table.


On Wed, 2005-04-06 at 12:09 +0200, Laurent LAVAUD wrote:

> Hello,
> 
> I have set up a multipath gateway.
> System is a linux 2.4.29 kernel, iproute 20010824, iptables 1.2.11.
> 
> here is the setup:
> 
> 
> firewall:/# ip rule
> 0:      from all lookup local 
> 100:    from all lookup main 
> 152:    from all fwmark       10 lookup wan1 
> 153:    from all fwmark       20 lookup wan2 
> 201:    from 213.223.96.121 lookup wan1 
> 202:    from 82.236.230.217 lookup wan2 
> 1000:   from all lookup away 
> 
> Fw-cgarp:/etc/firegate# ip route ls table wan1
> default via 213.223.96.122 dev eth0  src 213.223.96.121 
> prohibit default  metric 1 
> 
> Fw-cgarp:/etc/firegate# ip route ls table wan2
> default via 82.236.230.254 dev eth3  src 82.236.230.217 
> prohibit default  metric 1 
> 
> Fw-cgarp:/etc/firegate# ip route ls table away
> default 
>   nexthop via 82.236.230.254  dev eth3 weight 1
>   nexthop via 213.223.96.122  dev eth0 weight 1
> 
> Fw-cgarp:/etc/firegate# iptables-save -t mangle
> # Generated by iptables-save v1.2.11 on Wed Apr  6 11:57:06 2005
> *mangle
> :PREROUTING ACCEPT [3281:1066576]
> :INPUT ACCEPT [411:32992]
> :FORWARD ACCEPT [2870:1033584]
> :OUTPUT ACCEPT [339:63745]
> :POSTROUTING ACCEPT [3195:1096657]
> -A PREROUTING -p tcp -m tcp --dport 25 -j MARK --set-mark 0xa 
> -A PREROUTING -p tcp -m mport --dports 80,443,21 -j MARK --set-mark 0x14 
> COMMIT
> # Completed on Wed Apr  6 11:57:06 2005
> 
> 
> 
> So with this configuration all the http, https and ftp traffic must be routed by the 'wan2' connection.
> I have done several tests and it doesn't work. I have also added a realms mark to my routing rule, and with the "rtacct" command I saw that traffic is going through the correct rule, but http traffic continues to be balanced between the two connections...
> 
> Does someone see the problem?
> Thx in advance.
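An added example, not part of either message: a shell check of the 10 vs. 0xa point raised in the reply. It compares the marks set in the quoted mangle table with the fwmark values in the quoted `ip rule` listing, reading the listing once as decimal and once as hexadecimal. The function names are hypothetical, the sample input is copied from the listings above, and which base a given iproute version prints is an assumption to verify on the gateway.

```shell
#!/bin/sh
# Sample input copied from the listings quoted in this thread.
IP_RULES='152:    from all fwmark       10 lookup wan1
153:    from all fwmark       20 lookup wan2'
MANGLE='-A PREROUTING -p tcp -m tcp --dport 25 -j MARK --set-mark 0xa
-A PREROUTING -p tcp -m mport --dports 80,443,21 -j MARK --set-mark 0x14'

# rule_marks BASE: print "<mark in decimal> <table>" for every fwmark rule,
# reading an unprefixed number in the listing as BASE (10 or 16).
rule_marks() {
    printf '%s\n' "$IP_RULES" |
    awk '{ for (i = 1; i < NF; i++) if ($i == "fwmark") print $(i + 1), $NF }' |
    while read -r mark table; do
        mark=${mark%%/*}                      # drop a /mask suffix if present
        case "$1:$mark" in
            *:0x*)       echo "$(($mark)) $table" ;;    # explicit prefix: hex
            16:*)        echo "$((0x$mark)) $table" ;;  # unprefixed, read as hex
            10:*[!0-9]*) ;;                             # not a decimal number
            *)           echo "$(($mark)) $table" ;;    # unprefixed, read as decimal
        esac
    done
}

# set_marks: print every value given to --set-mark, in decimal.
set_marks() {
    printf '%s\n' "$MANGLE" |
    awk '{ for (i = 1; i < NF; i++) if ($i == "--set-mark") print $(i + 1) }' |
    while read -r m; do echo "$(($m))"; done
}

# unmatched BASE: marks that iptables sets but no ip rule selects on.
# Packets carrying such a mark fall through to the next rules.
unmatched() {
    rules=$(rule_marks "$1")
    for m in $(set_marks); do
        printf '%s\n' "$rules" | grep -q "^$m " || echo "$m"
    done
}

for base in 10 16; do
    echo "ip rule fwmark read as base $base, marks without a rule:" \
         "$(unmatched "$base" | tr '\n' ' ')"
done
```

On a live gateway, fill `IP_RULES` from `ip rule` and `MANGLE` from `iptables-save -t mangle` instead of the embedded samples.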