From: "Javier Govea" <jgovea@magma.ca>
To: Daniel Chemko <dchemko@smgtec.com>, Javier Govea <jgovea@magma.ca>
Cc: George Vieira <georgev@citadelcomputer.com.au>,
	netfilter@lists.netfilter.org,
	Ramin Dousti <ramin@cannon.eng.us.uu.net>,
	netfilter@lists.netfilter.org
Subject: Re: Round Robin Load Balancing
Date: Sun, 27 Jul 2003 13:40:31 -0400 (EDT)
Message-ID: <200307271740.h6RHeV1F001051@webmail1.magma.ca>

Hi guys,

I tried the following line (I'm using "-j ROUTE" instead of "-m route", as Daniel wrote
before, because the route patch is actually a target and because "-m route" was giving me
an error. But if I'm doing it the wrong way, please correct me):

iptables -t nat -A POSTROUTING -m nth --every 4 --packet 0 -m state --state new -j ROUTE --oif ppp0

and I got:

iptables: Invalid argument

I think the ROUTE target doesn't work with the nat table. Has anybody used NAT and ROUTE
together?? I also tried the following rule but I got the same error message:

iptables -t nat -A POSTROUTING -j ROUTE --oif ppp0

However, if I use the mangle table then I do not get an error (the rule below works) but my
host cannot access the internet, and no wonder, I need the NAT/MASQUERADE stuff:

iptables -t mangle -A POSTROUTING -j ROUTE --oif ppp0

I also tried:

iptables -t nat -A POSTROUTING -m nth --every 4 --packet 0 -m state --state new -o ppp0 -j MASQUERADE

With this rule my hosts can access the internet if I have only one browser open (and it works
faster than before, when I wasn't using "-m state --state new") but if I open two browsers
then none of them can access the internet.

Am I using the wrong rules??? Does anybody have any other ideas??? Can my problem of load
balancing internet traffic actually be solved with some combination of rules?? Or am I
going in the wrong direction???

Any ideas or suggestions are all very much appreciated...
Thanx to all of you guys...
X
PS. In my rules above I'm only showing one rule in each case but I'm actually using four
rules (one for each ppp link) in all cases.

> Yeah, it is wrong...
> 
> #1. Only perform this on state 'new' packets. After that, let snat take 
> care of making sure they go through the right interface.
> 
> #2. You need the 'route' patch as well..
> The rules that you define will only work if the packets are going to the 
> correct interface to begin with. To allow every 4th CONNECTION to travel 
> through each interface as you described below, you might want to try:
> 
> iptables -t nat -A POSTROUTING -m nth --every 4 --packet 0 -m state --state new -m route --oif ppp0
> iptables -t nat -A POSTROUTING -m nth --every 4 --packet 1 -m state --state new -m route --oif ppp1
> iptables -t nat -A POSTROUTING -m nth --every 4 --packet 2 -m state --state new -m route --oif ppp2
> iptables -t nat -A POSTROUTING -m nth --every 4 --packet 3 -m state --state new -m route --oif ppp2
> 
> 
> As described earlier, this does not guarantee 100% load balancing, but it 
> will help.
> 
> >I'm not sure if NTH does not work well with the masquerade target (has anybody used NTH and
> >Masquerade successfully????) or if I'm applying the wrong rule (below are my rules) or if
> >just the NTH patch doesn't really work....
> >
> >any ideas or suggestions are all very welcome....
> >
> >Here are my rules:
> >
> >iptables -t nat -A POSTROUTING -m nth --every 4 --packet 0 -o ppp0 -j MASQUERADE
> >iptables -t nat -A POSTROUTING -m nth --every 4 --packet 1 -o ppp1 -j MASQUERADE
> >iptables -t nat -A POSTROUTING -m nth --every 4 --packet 2 -o ppp2 -j MASQUERADE
> >iptables -t nat -A POSTROUTING -m nth --every 4 --packet 3 -o ppp2 -j MASQUERADE
> >  
> >
> 
> 
> 

