From: "Javier Govea" <jgovea@magma.ca>
To: Ramin Dousti <ramin@cannon.eng.us.uu.net>,
Javier Govea <jgovea@magma.ca>
Cc: netfilter@lists.netfilter.org
Subject: Re: Round Robin Load Balancing
Date: Sun, 10 Aug 2003 15:07:42 -0400 (EDT) [thread overview]
Message-ID: <200308101907.h7AJ7gTV018617@webmail1.magma.ca> (raw)
Hi guys, sorry about this late response, i've been playing with the kernel during this
time. Well, i tested the CONNMARK option (the rules i tested are below) for the round
robin, but i still get the same problem, when my browser just doesn't load any webpage and
eventually times out.
I hacked into the iptables modules: ipt_MASQUERADE and ip_tables and put some "printk"s to
see what was happening. The "printk"s in the ip_tables module show that the ppp links are
chosen in a round robin fashion, which is very good. The rules I'm shoing below use
"-j SNAT --to-source <ppp0-ip-addr>" in the NAT table. I however used
"-j MASQUERADE" instead because i believe this two jumps are equivalent and because i put
some prints in the ipt_MASQUERADE module. Well the prints from the MASQUERADE module
doesn't show anything, which means that the packets are never been masqueraded.
So my browser is timing out because the packets, if they are sent at all, they are not
being masqueraded, so they don't know how to return.
The CONNMARK
> iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source <ppp0-ip-addr>
> iptables -t nat -A POSTROUTING -o ppp1 -j SNAT --to-source <ppp1-ip-addr>
> iptables -t nat -A POSTROUTING -o ppp2 -j SNAT --to-source <ppp2-ip-addr>
> iptables -t nat -A POSTROUTING -o ppp3 -j SNAT --to-source <ppp3-ip-addr>
>
> iptables -t mangle -A PREROUTING -m nth --every 4 --packet 1 -m state --state new -j
CONNMARK --set-mark 1
> iptables -t mangle -A PREROUTING -m nth --every 4 --packet 2 -m state --state new -j
CONNMARK --set-mark 2
> iptables -t mangle -A PREROUTING -m nth --every 4 --packet 3 -m state --state new -j
CONNMARK --set-mark 3
> iptables -t mangle -A PREROUTING -m nth --every 4 --packet 0 -m state --state new -j
CONNMARK --set-mark 4
>
> iptables -t mangle -A OUTPUT -m nth --every 4 --packet 1 -m state --state new -j
CONNMARK --set-mark 1
> iptables -t mangle -A OUTPUT -m nth --every 4 --packet 2 -m state --state new -j
CONNMARK --set-mark 2
> iptables -t mangle -A OUTPUT -m nth --every 4 --packet 3 -m state --state new -j
CONNMARK --set-mark 3
> iptables -t mangle -A OUTPUT -m nth --every 4 --packet 0 -m state --state new -j
CONNMARK --set-mark 4
>
> iptables -t mangle -A POSTROUTING -m connmark --mark 1 -j ROUTE --oif ppp1
> iptables -t mangle -A POSTROUTING -m connmark --mark 2 -j ROUTE --oif ppp2
> iptables -t mangle -A POSTROUTING -m connmark --mark 3 -j ROUTE --oif ppp3
> iptables -t mangle -A POSTROUTING -m connmark --mark 4 -j ROUTE --oif ppp0
>
> Haven't had the chance to test it, though.
>
> Ramin
>
>
next reply other threads:[~2003-08-10 19:07 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-08-10 19:07 Javier Govea [this message]
-- strict thread matches above, loose matches on Subject: below --
2003-11-18 8:47 Round Robin Load Balancing Vivek Kashyap
2003-08-17 16:38 Javier Govea
2003-08-11 11:00 George Vieira
2003-08-10 22:30 George Vieira
2003-08-11 7:25 ` Ramin Dousti
2003-08-10 19:15 Javier Govea
2003-07-31 14:48 Javier Govea
2003-07-31 20:02 ` Ramin Dousti
2003-07-29 15:50 Daniel Chemko
2003-07-29 15:38 Javier Govea
2003-07-28 21:14 Javier Govea
2003-07-27 18:46 Daniel Chemko
2003-07-27 17:40 Javier Govea
2003-07-27 18:51 ` Chris Wilson
2003-07-26 18:21 Javier Govea
2003-07-27 0:30 ` Ramin Dousti
2003-07-27 6:49 ` Daniel Chemko
2003-07-26 18:07 Javier Govea
2003-07-24 0:58 Javier Govea
2003-07-24 0:31 Javier Govea
2003-07-24 1:03 ` Ramin Dousti
2003-07-17 22:52 George Vieira
2003-07-17 22:36 Daniel Chemko
2003-07-17 20:29 Javier Govea
2003-07-18 4:57 ` Ramin Dousti
2003-07-15 19:44 Daniel Chemko
2003-07-15 20:54 ` Ramin Dousti
2003-07-15 19:33 Javier Govea
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200308101907.h7AJ7gTV018617@webmail1.magma.ca \
--to=jgovea@magma.ca \
--cc=netfilter@lists.netfilter.org \
--cc=ramin@cannon.eng.us.uu.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.