[LARTC] Routing for multiple uplinks/providers problem.
Nelson Castillo
nelsoneci at gmail.com
Thu Jul 28 18:18:42 CEST 2005
Hi John.
On 7/28/05, John McMonagle <johnm at advocap.org> wrote:
> Find that if I ping the same site from 2 computers it may work on one
> and fail on the other.
> Also was surprised that some time they are going out different
> interfaces at the same time.
Same symptoms I had.
> Have snat on both interfaces
When you SNAT incoming packets, you need to do something different
from what is in the HOWTO ([4]) because SNAT is done before the
routing decision (check the Kernel Packet Traveling Diagram [5]).
I had the same problem [1]. The solution is to use conntrack and mark
packets on arrival, and then route them back using the fwmark[2].
There's no need to tell you I had a hard time with this. There should
be a warning about this in the HOWTO (in this page [4]).
The proposed solution I quote in [2] worked for me for the
multiple uplink providers + SNAT problem.
It is (Using the same variables that are in the HOWTO [4]):
1) Mark packets on arrival:
iptables -t mangle -A PREROUTING -m conntrack --ctorigdst $IP1 -j MARK --set-mark=1
iptables -t mangle -A PREROUTING -m conntrack --ctorigdst $IP2 -j MARK --set-mark=2
And then use the mark to route the outgoing packets correctly.
ip rule add fwmark 1 table T1
ip rule add fwmark 2 table T2
Regards,
Nelson.-
PS: I solved my problem with IPVS and multiple uplink providers (see [3]).
[1] http://mailman.ds9a.nl/pipermail/lartc/2005q2/016171.html
[2] http://mailman.ds9a.nl/pipermail/lartc/2005q2/016441.html
[3] http://arhuaco.blogspot.com/2005/07/ipvs-and-conntrack.html
[4] http://lartc.org/howto/lartc.rpdb.multiple-links.html
[5] http://www.docum.org/docum.org/kptd/
--
Homepage : http://geocities.com/arhuaco
The first principle is that you must not fool yourself
and you are the easiest person to fool.
-- Richard Feynman.
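A complete two-uplink setup that combines the HOWTO's per-provider tables with the conntrack mark from the message above, as an added example; it is not code from the post, the HOWTO or the list. Interface names and addresses are constructed placeholders, and the script prints the commands unless RUN is set empty (RUN= ./script, as root) so it can be reviewed before anything is applied.

```shell
#!/bin/sh
# Added example: two uplinks + SNAT with conntrack-based return routing.
# Variable names follow the LARTC HOWTO; the values are constructed placeholders.
IF0=eth0; P0_NET=192.168.1.0/24                 # LAN side
IF1=eth1; IP1=198.51.100.10; P1=198.51.100.1; P1_NET=198.51.100.0/24
IF2=eth2; IP2=203.0.113.10;  P2=203.0.113.1;  P2_NET=203.0.113.0/24

# Prefix every command with "echo" unless RUN is explicitly set (even to empty).
RUN=${RUN-echo}

uplink_rules() {
    # Per-provider tables T1/T2 (names must exist in /etc/iproute2/rt_tables).
    $RUN ip route add $P1_NET dev $IF1 src $IP1 table T1
    $RUN ip route add default via $P1 table T1
    $RUN ip route add $P2_NET dev $IF2 src $IP2 table T2
    $RUN ip route add default via $P2 table T2
    # HOWTO rules: locally generated traffic sourced from IPx uses its own uplink.
    $RUN ip rule add from $IP1 table T1
    $RUN ip rule add from $IP2 table T2
    # Forwarded traffic is still carrying the LAN source address when it is
    # routed (SNAT happens later, in POSTROUTING), so the "from" rules never
    # match it. conntrack remembers the pre-NAT destination of the connection,
    # so replies from the LAN host to a connection that arrived on IPx are
    # marked x here and sent back through the uplink the connection came in on.
    $RUN iptables -t mangle -A PREROUTING -m conntrack --ctorigdst $IP1 -j MARK --set-mark 1
    $RUN iptables -t mangle -A PREROUTING -m conntrack --ctorigdst $IP2 -j MARK --set-mark 2
    $RUN ip rule add fwmark 1 table T1
    $RUN ip rule add fwmark 2 table T2
    # SNAT on both uplinks, chosen by the outgoing interface.
    $RUN iptables -t nat -A POSTROUTING -s $P0_NET -o $IF1 -j SNAT --to-source $IP1
    $RUN iptables -t nat -A POSTROUTING -s $P0_NET -o $IF2 -j SNAT --to-source $IP2
}

# Consistency check on the generated rule set: every fwmark rule needs a
# matching MARK rule, and both uplinks must get a conntrack match.
check_rules() {
    rules=$(uplink_rules)
    marks=$(printf '%s\n' "$rules" | grep -c -- '--set-mark')
    fwmarks=$(printf '%s\n' "$rules" | grep -c 'fwmark')
    ctorig=$(printf '%s\n' "$rules" | grep -c -- '--ctorigdst')
    [ "$marks" -eq 2 ] && [ "$fwmarks" -eq 2 ] && [ "$ctorig" -eq 2 ]
}

uplink_rules
```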