Re: [LARTC] Routing/forwarding/shaping problems in v2.2.x (Long - sorry)

Linux Advanced Routing and Traffic Control

On Thursday 20 Mar 2003 12:59, Julian Anastasov wrote:
> Hello,
>
> On Thu, 20 Mar 2003, Gordan Bobic wrote:
> > The setup:
> >
> > "Home brewed" v2.2.24 (will patch to v2.2.25 later today) with the DS8
> > patch applied. Currently downloading the DS9/rbtree/htb3 patches to be
> > applied later (obviously, unpatching the old DS8 first), and see if at
> > least some of my problems go away.
>
> 	Yes, DS-8 has many problems including security ones.
> The only problem is that I still haven't upgraded the patches to
> 2.2.25, maybe in the next days I'll find time to do so.

It all patched cleanly anyway, don't worry about it. I patched 2.2.24 and then 
patched that to 2.2.25. I haven't compiled it yet because I am not in front 
of the machine right now (not doing remote kernel upgrades - bad things 
happen). :-)

> > Multiple cable/DSL lines with multiple default routes and equal cost
> > multipath.
>
> 	I strongly recommend the route patches in such case:
>
> http://www.ssi.bg/~ja/#routes-2.2
> http://www.ssi.bg/~ja/routes-2.2.20-7.diff

Aha! Thanks. I wonder if this will cure my problems. BTW, that applies cleanly 
to my already heavily patched 2.2.25 tree.

> > When applying ingress shaping (policing filter) all executes fine without
> > reporting any errors, but
> >
> > tc -s -d qdisc show dev eth1
> > and
> > tc -s -d filter show dev eth1
>
> 	DS9 has fixes for the ingress stats

Marvellous. :-)

> > Can anyone hazard a guess as to why this is not doing what it should be?
> > Is this a known bug in DS8 and DS9 will fix it? I will try it anyway, just
> > to make sure, but some encouraging news would be nice. :-)
>
> 	Yes, yes, I'll add it to the changelog

:-)

> > 2) ipmasqadm portfw unstable/unreliable
> >
> > I have tried to use this approach to forward ports from the firewall to
> > an internal server. It works OK initially, but within minutes, things
> > start going wrong. Some connections get through on one interface but not
> > the other. Later, connections from the same host will work on a different
> > interface, but not the one it worked on initially.
>
> 	Such problems should be solved from the "routes" patches,
> they will keep each traffic through its ISP.

Excellent. Note that I also use policy routing so that the sessions started to 
ethX will always be responded to on ethX. I think that is fairly standard 
(things break horribly otherwise). However, what happens when a host randomly 
alternates between IP addresses it is starting sessions to/from? This sort of 
worked before, but it quickly started to break. I take it that with the 
routes patch things will not fall apart like before?

> 	Read nano.txt from http://www.ssi.bg/~ja/#routes
> It is for 2.4 but the concept and the routing rules are same.

Thanks for that. I already have the setup working as far as multi-homedness 
(that cannot possibly be a word...) is concerned, though.

Thanks for the help.

Gordan

