[LARTC] multiple links and nat
Edmundo Carmona
eantoranz at gmail.com
Thu Jan 5 17:21:52 CET 2006
The problem (as usual) is the change of route the routing box is doing
for connections already established.
Maybe you can try using a separate routing table with a single internet
link for ssh (policy routing).
On 1/5/06, seph <seph at directionless.org> wrote:
> Hi, this might be a dumb question, but I'm not finding much
> information online.
>
> I'm trying to set up a 2.6 Linux box to run nat across multiple
> upstream links as a simple way to aggregate bandwidth. I found the
> instructions in lartc section 4.2
> (http://lartc.org/howto/lartc.rpdb.multiple-links.html) fairly clear
> and straightforward. I implemented those, and a couple of trivial
> iptables commands and tried it.
>
> Persistent masqueraded connections (like ssh) weren't very happy. They
> frequently hung, and I saw the "MASQUERADE: Route sent us somewhere
> else." error. Googling for that, I see lots of suggestions to use
> connmark, but no examples of how connmark and the multiple link stuff
> interact. Does anyone have a pointer?
>
> The rules I'm using are roughly:
>
> /sbin/ip route add P1_NET dev IF1 src IP1 table 201
> /sbin/ip route add default via P1 table 201
> /sbin/ip route add P1_NET dev IF1 src IP1
> /sbin/ip route add 127.0.0.0/8 dev lo table 201
> /sbin/ip rule add from IP1 table 201
> /sbin/ip route add P2_NET dev IF2 src IP2 table 202
> /sbin/ip route add default via P2 table 202
> /sbin/ip route add P2_NET dev IF2 src IP2
> /sbin/ip route add 127.0.0.0/8 dev lo table 202
> /sbin/ip rule add from IP2 table 202
>
>
> /sbin/ip route del default
> /sbin/ip route add default scope global nexthop via P1 dev IF1 weight 1 nexthop via P2 dev IF2 weight 4
> /sbin/ip route flush cache
>
>
> /sbin/iptables -t nat -A PREROUTING -s LOCALNET -d P1_NET -j ACCEPT
> /sbin/iptables -t nat -A PREROUTING -s LOCALNET -d P2_NET -j ACCEPT
> /sbin/iptables -t nat -A POSTROUTING -o IF1 -s LOCALNET -j MASQUERADE
> /sbin/iptables -t nat -A POSTROUTING -o IF2 -s LOCALNET -j MASQUERADE
>
>
> thanks
> seph
> _______________________________________________
> LARTC mailing list
> LARTC at mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
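Added example, not from either message in this thread and not from the LARTC howto: a script that combines the two approaches mentioned above, CONNMARK so that every packet of a masqueraded flow keeps using the link its first packet left through, and a policy-routing pin that sends new ssh connections from the LAN through link 1 only, as Edmundo suggests. It reuses the placeholders of the original post (IF1, IF2, LOCALNET, tables 201 and 202) and assumes the two per-link tables and the MASQUERADE rules from that post are already in place; the interface names, the LAN prefix, the mark values 1 and 2 and the rule priorities 100/101 are constructed values for illustration. The MASQUERADE target does its own route lookup for the packet and complains with "Route sent us somewhere else" when that lookup leaves through a different interface than the one the packet is going out on; with a weighted multipath default route the two lookups can disagree, which is what the connmark suggestions aim to prevent by routing every packet of a flow through the single-link table selected by its mark. Run without arguments the script only prints the commands; run with `apply` (as root) it executes them.

```shell
#!/bin/sh
# Added example, not from the LARTC thread: keep masqueraded flows on the
# link they started on (CONNMARK) and pin new ssh connections to link 1.
# Placeholders follow the original post; the values are constructed for
# illustration only. Edit them to match the box.
IF1=eth1                    # interface of link 1 (assumed name)
IF2=eth2                    # interface of link 2 (assumed name)
LOCALNET=192.168.0.0/24     # masqueraded LAN (assumed prefix)
T1=201 T2=202               # per-link routing tables from the original post
M1=1  M2=2                  # one fwmark per link (assumed values)

# Print the command when DRY_RUN is set, otherwise execute it (needs root).
run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Mark flows by the link they first left through, and route by that mark.
setup_connmark() {
    # Only LAN-originated packets get a mark: tables T1/T2 hold nothing but
    # the link's default route, so replies coming back from the Internet to
    # LOCALNET must keep using the main table (a marked reply would be sent
    # back out through P1/P2 instead of to the LAN).
    run iptables -t mangle -A PREROUTING -s "$LOCALNET" -j CONNMARK --restore-mark
    # A new flow is routed by the weighted default route exactly once; note
    # which link it left through (mangle POSTROUTING runs before nat
    # POSTROUTING, so the source is still the LAN address) and store that
    # mark on the conntrack entry.
    run iptables -t mangle -A POSTROUTING -s "$LOCALNET" -o "$IF1" \
        -m conntrack --ctstate NEW -j MARK --set-mark "$M1"
    run iptables -t mangle -A POSTROUTING -s "$LOCALNET" -o "$IF2" \
        -m conntrack --ctstate NEW -j MARK --set-mark "$M2"
    run iptables -t mangle -A POSTROUTING -s "$LOCALNET" \
        -m conntrack --ctstate NEW -j CONNMARK --save-mark
    # Later packets of the flow carry the restored mark and are routed by the
    # matching single-link table, ahead of the balanced default route in main.
    run ip rule add fwmark "$M1" table "$T1" priority 100
    run ip rule add fwmark "$M2" table "$T2" priority 101
    run ip route flush cache
}

# Edmundo's suggestion: new ssh connections from the LAN take link 1 only.
# Marking before the routing decision makes the fwmark rule select table T1;
# the POSTROUTING rules above then save the same mark on the conntrack
# entry, so the rest of the session stays on link 1 as well. Call this
# after setup_connmark so it runs after the restore-mark rule.
pin_ssh_to_link1() {
    run iptables -t mangle -A PREROUTING -s "$LOCALNET" -p tcp --dport 22 \
        -m conntrack --ctstate NEW -j MARK --set-mark "$M1"
}

# Without "apply" the script is a dry run and only prints what it would do.
case "${1:-}" in
    apply) ;;
    *)     DRY_RUN=1 ;;
esac
setup_connmark
pin_ssh_to_link1
```

After applying, `iptables -t mangle -L -v -n` should show the counters of the two `MARK --set-mark` rules growing as new flows open, and `ip rule` should list the two fwmark rules before the `from IP1`/`from IP2` rules of the original setup. If you later change LOCALNET or the interfaces, flush the mangle table and delete the two rules before re-running, since the script appends rather than replaces.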