Re: Load Balancer setting for Public Servers

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Not enough, my tutorial only discuss about CONNMARK outgoing NEW packets in POSTROUTING, if you want to DNAT connections from internet to some computers in your LAN, you must also CONNMARK incoming NEW packets in PREROUTING too. I want to keep the tutorial short and simple so I don't write about it, you can consult CONNMARK in PREROUTING in RoutesKeeper's source code.
Lacking CONNMARK in PREROUTING, some of your SYN/ACK packets may be DROPed by ISPs.
From kernel 2.6.10, CONNMARK is included already, you don't have to patch anything.

Sureerat P. (EQHO) wrote:

Hi all,

Thank you for your kindly reply.

So my next step should be as following:

1. patch the kernel with patch-o-matic
2. add more config with iptables+connmark as described in
http://selab.edu.ms/twiki/bin/view/Networking/MultihomedLinuxNetworking

Please you help me suggest whether my understanding is correct. Thank you.

Best regards,

Sureerat P.

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux