[LARTC] DNAT and Load Balancing

Tom Lobato tomlobato at gmail.com
Fri Mar 2 01:21:44 CET 2007



    Hi all!


    After that good thread "DGD patch not detecting dead gateway" I was 
able to set up load balancing with ping-based DGD (without Julian 
Anastasov's patch). But now I'm facing a new problem and have tried some 
options, with only partial solutions.

    I made a script based on 
http://www.mail-archive.com/lartc@mailman.ds9a.nl/msg16257.html (thank 
you Manish Kathuria), without Julian A.'s patch, and with routes/rules as 
described in nano.txt. It works fine, but...

    The problem: I do DNAT so that people on the Internet can access my LAN 
machines (VNC, RDP, etc.). It sometimes works, sometimes doesn't. 
It appears that the connection from outside can enter, but when the reply 
packets try to get back across the NAT machine, they fall into the round 
robin default route selection to pick their gateway. Of course, 
this reply must leave the router via the same interface through which the 
initial packets entered.


    vnc initial                 reply that got
    request packet              the wrong route
             \                      ^
              \                    /
               V                  /
            isp1     isp2     isp3
          ____|________|________|____
         |                           |
         |            dnat           |
         |___________________________|
                       ^
                       |
                       |
                       V
              LAN station, the
                 vnc server



    What I need is a way to force packets to leave the router via the same 
interface through which their request entered it.
    I'd like to hear opinions about the problem (and also a solution =). 
Remember, I can't apply the DGD patch from J.A. because it only checks 
the first hop for dead detection.
    I will appreciate any help.

    Thank you,



    Tom Lobato
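Added example, not part of Tom's message or of any reply on the list: the usual Linux answer to the problem he describes is to mark each inbound connection with the interface it arrived on (CONNMARK in the mangle table), copy that mark back onto the reply packets, and add one `ip rule` per mark that selects a per-ISP routing table. The reply to a DNATed connection still has the LAN address as its source when the routing decision is made (the reverse DNAT is applied afterwards, in POSTROUTING), so source-address rules cannot catch it, but the connection mark can. The interface names, gateway addresses and table numbers below are constructed placeholders; DRY_RUN=1 only prints the commands, which is how the script can be inspected without root.

```shell
#!/bin/sh
# Added example (not from the original post): make replies to DNATed
# connections leave via the ISP interface the connection arrived on.
# Technique: CONNMARK + fwmark-based "ip rule" lookups.
# All interface names, gateways and table numbers are assumed placeholders.

DRY_RUN=${DRY_RUN:-0}
LAN_IF=eth0
# "<idx> <wan interface> <gateway>", one ISP per line (constructed values)
ISPS='1 eth1 203.0.113.1
2 eth2 198.51.100.1
3 eth3 192.0.2.1'

# Print the command instead of executing it when DRY_RUN=1
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# One routing table per ISP (table 100+idx) holding only that ISP's default route
setup_tables() {
    printf '%s\n' "$ISPS" | while read -r idx wan gw; do
        run ip route add default via "$gw" dev "$wan" table "$((100 + idx))"
    done
}

# Copy the connection mark onto every packet first, then tag the connection
# with the ISP index on its first (NEW) packet arriving on that WAN interface.
# Replies coming back from the LAN therefore carry the mark of their ISP.
setup_connmark() {
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    printf '%s\n' "$ISPS" | while read -r idx wan gw; do
        run iptables -t mangle -A PREROUTING -i "$wan" -m state --state NEW \
            -j CONNMARK --set-mark "$idx"
    done
}

# Packets carrying mark N are routed by table 100+N, bypassing the
# round-robin default route in the main table. Unmarked packets
# (connections started from the LAN) still use the balanced default.
setup_rules() {
    printf '%s\n' "$ISPS" | while read -r idx wan gw; do
        run ip rule add fwmark "$idx" table "$((100 + idx))" prio "$((100 + idx))"
    done
    run ip route flush cache
}

setup_policy_routing() {
    setup_tables
    setup_connmark
    setup_rules
}

# Apply for real only when explicitly asked: APPLY=1 sh multiisp.sh
if [ "${APPLY:-0}" = 1 ]; then
    setup_policy_routing
fi
```

Two things worth checking on a real router: rp_filter on the WAN interfaces must accept a reply leaving on the interface the connection came in on (it will, since the mark sends it out the same way it arrived), and locally generated traffic from the router itself is not covered here; that needs the source-address rules from the LARTC HOWTO's multiple-uplinks section in addition to the fwmark rules.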