Re: [LARTC] Balancing ip traffic over two or more internet (adsl) connections

[RoMaN SoFt / LLFB!! <roman@xxxxxxxxxx>]

On Thu, 15 Mar 2001 17:56:37 +0100 (MET), you wrote:

>> 1) Could you exemplify this TOS field "hacking"?
>
>ipchains <yourmatchfields> -t 0x01 0x00

 Ummm. I don't get it to work... I've created the following test
ipchains rule (see log):

goliat:~ # ipchains -F                                                
goliat:~ # ipchains -A output -p tcp --source-port 20:21 -b -t 0x01
0x00 -j ACCEPT -l     
goliat:~ # ipchains -L
Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
target     prot opt     source                destination
ports
ACCEPT     tcp  ----l-  anywhere             anywhere
ftp-data:ftp ->   any
ACCEPT     tcp  ----l-  anywhere             anywhere              any
->   ftp-data:ftp
goliat:~ # ftp 62.22.78.68
Connected to sniff.batmap.com.
220 Sniff FTP-Server ready
Name (62.22.78.68:roman): 
421 Service not available, remote server has closed connection.
ftp: Login failed.
ftp: No control connection for command.
ftp> bye
goliat:~ #


Now, we have a look to the ftp server:
sniff:~ # tcpdump -ni eth0
User level filter, protocol ALL, datagram packet socket
tcpdump: listening on eth0
11:06:16.821899 62.174.128.49.7772 > 62.22.78.68.ftp: S
395928648:395928648(0) win 32767 <mss 1460,sackOK,timestamp 7029574
0,nop,wscale 0> (DF)
11:06:16.821934 62.22.78.68.ftp > 62.174.128.49.7772: S
384708931:384708931(0) ack 395928649 win 32120 <mss
1460,sackOK,timestamp 811698645 7029574,nop,wscale 0> (DF)
11:06:16.863172 62.174.128.49.7772 > 62.22.78.68.ftp: . 1:1(0) ack 1
win 65160 <nop,nop,timestamp 7029631 811698645> (DF)
11:06:16.866108 62.22.78.68.ampr-inter > 62.174.128.49.ident: S
390274631:390274631(0) win 32120 <mss 1460,sackOK,timestamp 811698649
0,nop,wscale 0> (DF)
11:06:16.900480 62.174.128.49.ident > 62.22.78.68.ampr-inter: R 0:0(0)
ack 390274632 win 0
11:06:16.906885 62.22.78.68.1053 > 194.98.65.65.domain: 3187+ PTR?
49.128.174.62.in-addr.arpa. (44)
11:06:16.940612 194.98.65.65.domain > 62.22.78.68.1053: 3187 1/2/2 PTR
49-MAD2-X1.red.retevision.es. (183) (DF)
11:06:16.941507 62.22.78.68.sdsc-lm > 62.174.128.49.ident: S
384359382:384359382(0) win 32120 <mss 1460,sackOK,timestamp 811698657
0,nop,wscale 0> (DF)
11:06:16.980458 62.174.128.49.ident > 62.22.78.68.sdsc-lm: R 0:0(0)
ack 384359383 win 0
11:06:16.980641 62.22.78.68.ftp > 62.174.128.49.7772: P 1:29(28) ack 1
win 32120 <nop,nop,timestamp 811698661 7029631> (DF)
11:06:17.038691 62.175.108.41.7857 > 62.22.78.68.ftp: .
395928649:395928649(0) ack 384708960 win 65160 <nop,nop,timestamp
7029648 811698661> (DF)
11:06:17.038720 62.22.78.68.ftp > 62.175.108.41.7857: R
384708960:384708960(0) win 0
11:06:17.229273 0:2:b9:7a:87:4a > 1:0:0:0:0:0 802.1d ui/C
11:06:19.980029 62.22.78.68.ftp > 62.174.128.49.7772: P 1:29(28) ack 1
win 32120 <nop,nop,timestamp 811698961 7029631> (DF)
11:06:20.026685 62.174.128.49.7772 > 62.22.78.68.ftp: R
395928649:395928649(0) win 0
11:06:21.235019 0:2:b9:7a:87:4a > 1:0:0:0:0:0 802.1d ui/C
11:06:21.820027 arp who-has 62.22.78.65 tell 62.22.78.68
(0:c0:26:a0:a4:63)
11:06:21.821221 arp reply 62.22.78.65 is-at 0:2:fd:8a:c7:e0
(0:c0:26:a0:a4:63)

23 packets received by filter
sniff:~ #


 It looks like the TOS translation has been produced ok. Despite
packets having same TOS, the machine doing multipath has chosen
DIFFERENT paths, which isn't the expected behaviour. :-????

 Am I doing something wrong?

 I only could imagine that TOS translation is being doing AFTER
multipath has acted. Is it possible? In this case, how to avoid it?

 Could you paste some ipchains rules and/or other useful config files
for your (working) configuration? Perhaps this may helps.

 Any help would be *highly* appreciated.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    ** RoMaN SoFt / LLFB **  
       roman@xxxxxxxxxx
   http://pagina.de/romansoft
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~