On Sat, 2002-06-29 at 09:13, Roni Reicher wrote:
> I installed the kernel 2.4.19pre10 with all the patches and compiled it
> with the equalcost multipath, but I'm still having some troubles...

When you say patches I assume you mean Julian's route patch.
http://www.linuxvirtualserver.org/~julian/#routes

> Could anyone check these scripts to see if there is something wrong?

I will do my best.

> I appreciate it,

No problem, just doing my part to give back.

> Eth0 (local) -> 192.168.1.1 connected to my W2k Server on 192.168.1.2
> Eth1 (ADSL 1 256k) -> xxx.xxx.xxx.170 gw xxx.xxx.xxx.129
> Eth2 (ADSL 2 512k) -> yyy.yyy.yyy.205 gw yyy.yyy.yyy.193
>
> My W2K is hosting all the services, and the clients are behind it.

If I could take this moment to say shame on you. You should be hosting those services on a Linux box, but that may be out of your control. So be it, at least you are doing the right thing by putting a Linux router/firewall in front of the w2k server. As it will need to be protected, like anything else.

> This is my IPTABLES SCRIPT.

This I really will not discuss here. Sorry but this type of thing is a netfilter mailing list issue. With that said you must do NAT in the Linux box for load balancing to work. You will most likely use either Destination NAT or Port AT. So long as some sort of NAT is in the linux box, with either of the above you should not need source but you might.
>
> IPTABLES=/sbin/iptables
>
> $IPTABLES -F INPUT
> $IPTABLES -F FORWARD
> $IPTABLES -F OUTPUT
> $IPTABLES -t nat -F PREROUTING
> $IPTABLES -t nat -F POSTROUTING
> $IPTABLES -P INPUT DROP
> $IPTABLES -P FORWARD DROP
> $IPTABLES -P OUTPUT ACCEPT
> $IPTABLES -t nat -P PREROUTING ACCEPT
> $IPTABLES -t nat -P POSTROUTING ACCEPT
> $IPTABLES -t nat -P OUTPUT ACCEPT
>
> $IPTABLES -A INPUT -p tcp -s 10.0.0.0/255.255.255.0 --dport 23 -j
> ACCEPT
>
> $IPTABLES -A INPUT -i lo -j ACCEPT
> $IPTABLES -A INPUT -p icmp -j ACCEPT
>
> #############################################
>
> $IPTABLES -A FORWARD -o eth2 -j ACCEPT
> $IPTABLES -A FORWARD -o eth1 -j ACCEPT
>
> $IPTABLES -A FORWARD -p tcp ! --syn -d 192.168.1.0/255.255.255.0 -j
> ACCEPT
>
> ##################################
>
> $IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
> $IPTABLES -A FORWARD -i eth2 -o eth0 -j ACCEPT
> $IPTABLES -A FORWARD -i eth0 -o eth1 -j ACCEPT
> $IPTABLES -A FORWARD -i eth0 -o eth2 -j ACCEPT
>
> ###########################################
>
> $IPTABLES -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.170 --dport 25
> -j DNAT --to-destination 192.168.1.2
>
> $IPTABLES -t nat -A PREROUTING -p tcp -d yyy.yyy.yyy.205 --dport 25
> -j DNAT --to-destination 192.168.1.2
>
> ###########################################
> $IPTABLES -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.170 --dport 80
> -j DNAT --to-destination 192.168.1.2
>
> $IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
> $IPTABLES -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
> $IPTABLES -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> $IPTABLES -t nat -A POSTROUTING -o eth2 -j MASQUERADE
>
> And this is my Load Balancing Script:

From looking below, I am not going to even try to comment. Why have you deviated so far from the Nano-how-to? If you have the patches applied then your problems are coming from below. Now once you have your load balancing script looking more like the nano-how-to and are still having problems.
It's mostly an NAT issue at that point. But I can't emphasize enough that you must stick to the nano-how-to.

> IP=/sbin/ip
>
> IF1=eth1
> IP1=xxx.xxx.xxx.170
> P1=xxx.xxx.xxx.129
> P1_NET=xxx.xxx.xxx.128/26
>
> IF2=eth2
> IP2=yyy.yyy.yyy.200.168.71.205
> P2= yyy.yyy.yyy.193
> P2_NET= yyy.yyy.yyy.192/26
>
> ###################################
>
> echo 201 T1 >> /etc/iproute2/rt_tables
> echo 202 T2 >> /etc/iproute2/rt_tables
>
> $ROUTE del default
>
> $IP route add $P1_NET dev $IF1 src $IP1 table T1
> $IP route add default via $P1 table T1
> $IP route add $P2_NET dev $IF2 src $IP2 table T2
> $IP route add default via $P2 table T2
>
> $IP route add $P1_NET dev $IF1 src $IP1
> $IP route add $P2_NET dev $IF2 src $IP2
>
> #########################################
>
> $IP route add default via $P2
>
> ######################################################
>
> $IP rule add from $IP1 table T1
> $IP rule add from $IP2 table T2
>
> #############################
>
> $IP route add default scope global nexthop via $P2 dev $IF2 weight 1
> nexthop via $P1 dev $IF1 weight 1
>
> ######################################################

So adjust this script to look more like the nano-how-to and let me know how it goes.

--
Sincerely,
William L. Thomson Jr.

Obsidian-Studios, Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com

--
Sincerely,
William L. Thomson Jr.
Support Group

Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
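
Added example, not part of either poster's message and not taken from the nano-how-to: a dry-run shell script that validates the uplink addresses before use, registers routing-table names without duplicating them, and prints the per-uplink tables, source rules and one multipath default route of the kind the quoted script sets up. The function names are hypothetical, the addresses are constructed documentation-range values, and the 1:2 weights are an assumption.

```shell
#!/bin/sh
# Added example (dry run): prints ip(8) commands, changes nothing on the host.

# Succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Add "<id> <name>" to an rt_tables-style file only if <name> is not there yet,
# so re-running the script does not append duplicate entries.
register_table() {
    grep -qE "^[0-9]+[[:space:]]+$2\$" "$3" 2>/dev/null || echo "$1 $2" >> "$3"
}

# Commands for one uplink's own table. Args: table iface local-ip gateway net
uplink_cmds() {
    # Rejects malformed and empty values (an assignment written with a space
    # after "=" leaves the variable empty).
    valid_ipv4 "$3" && valid_ipv4 "$4" || { echo "bad address on $2" >&2; return 1; }
    echo "ip route add $5 dev $2 src $3 table $1"
    echo "ip route add default via $4 table $1"
    echo "ip rule add from $3 table $1"
}

# The one default route in the main table: a multipath route over both gateways.
multipath_cmd() {
    echo "ip route add default scope global nexthop via $1 dev $2 weight $3 nexthop via $4 dev $5 weight $6"
}

# Constructed sample values from documentation ranges; the 1:2 weights are an
# assumption matching a 256k and a 512k line.
plan() {
    uplink_cmds T1 eth1 192.0.2.10 192.0.2.1 192.0.2.0/26 &&
    uplink_cmds T2 eth2 198.51.100.10 198.51.100.1 198.51.100.0/26 &&
    multipath_cmd 192.0.2.1 eth1 1 198.51.100.1 eth2 2
}

plan
```

Review the printed commands before running them as root; `register_table` takes the rt_tables path as its third argument so it can be pointed at a scratch file first.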