I have some more information: after modifying libipt_nth.c to show the
"counter" when doing an iptables -t mangle -L command, I discovered that
even though I have been setting the counter, it treats all my rules (if
you call them that) as having a counter value of '0'. I'm thinking this
must be a bug with the 'nth' code. I'll try researching this / reporting
this to the netfilter.

-Joe

On 4/29/05, Joe Nuts <joenuts@xxxxxxxxx> wrote:
> Hi all, I need some guidance to get my problem fixed. I believe there
> is an issue with the 'nth' patch from the patch-o-matic, which is
> labeled as status 'works'.
> I have tunnels back and forth across the internet, using 'nth' to
> balance packets between different public networks (over the tunnels).
> I need to access some networks over two tunnels, and some networks over
> three tunnels. I can't get routing working correctly when combinations
> of two and three tunnels are involved.
> *now for the more technical explanation*
> Tunnel Server 1 (kernel 2.4.28, iptables 1.2.11 with nth and route)
> Network A is delivered over three tunnels to Tunnel Client A (works fine)
> Network B is delivered over three tunnels to Tunnel Client B (works fine)
>
> Tunnel Server 2 (kernel 2.6.11, iptables 1.3.1 with nth and route)
> Network C is delivered over two tunnels to Tunnel Client C (works fine)
> Network D is delivered over two tunnels to Tunnel Client D (works fine)
>
> when network C is moved to tunnel server 1, network A and B work
> fine, network C traffic gets excessive packet loss
> when network A is moved to tunnel server 2, network C and D get
> excessive packet loss, network A works fine.
>
> I'm using a different counter for each network, also, the mangle rule
> only applies to traffic destined for each network. I don't understand
> why one would be affecting the other, but it does.
>
> Here is my iptables -t mangle -L on tunnel server 2, before adding,
> and after adding.
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> ROUTE all -- anywhere (Network C) every 2th packet #0 ROUTE oif:AMC_TUN1 gw:172.16.0.38
> ROUTE all -- anywhere (Network C) every 2th packet #1 ROUTE oif:AMC_TUN2 gw:172.16.0.42
> ROUTE all -- anywhere (Network D) every 2th packet #0 ROUTE oif:TB_TUN1 gw:172.16.0.26
> ROUTE all -- anywhere (Network D) every 2th packet #1 ROUTE oif:TB_TUN2 gw:172.16.0.30
>
> iptables -t mangle -A POSTROUTING --destination (Network A) -m nth --counter 2 --every 3 --packet 0 -j ROUTE --oif ASI_TEST_TUN1 --gw 172.30.0.14
>
> iptables -t mangle -A POSTROUTING --destination (Network A) -m nth --counter 2 --every 3 --packet 1 -j ROUTE --oif ASI_TEST_TUN2 --gw 172.30.0.18
>
> iptables -t mangle -A POSTROUTING --destination (Network A) -m nth --counter 2 --every 3 --packet 2 -j ROUTE --oif ASI_TEST_TUN3 --gw 172.30.0.22
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> ROUTE all -- anywhere (Network C) every 2th packet #0 ROUTE oif:AMC_TUN1 gw:172.16.0.38
> ROUTE all -- anywhere (Network C) every 2th packet #1 ROUTE oif:AMC_TUN2 gw:172.16.0.42
> ROUTE all -- anywhere (Network D) every 2th packet #0 ROUTE oif:TB_TUN1 gw:172.16.0.26
> ROUTE all -- anywhere (Network D) every 2th packet #1 ROUTE oif:TB_TUN2 gw:172.16.0.30
> ROUTE all -- anywhere (Network A) every 3th packet #0 ROUTE oif:ASI_TEST_TUN1 gw:172.30.0.14
> ROUTE all -- anywhere (Network A) every 3th packet #1 ROUTE oif:ASI_TEST_TUN2 gw:172.30.0.18
> ROUTE all -- anywhere (Network A) every 3th packet #2 ROUTE oif:ASI_TEST_TUN3 gw:172.30.0.22
>
> If any more information is needed to help troubleshoot, please let me know.
> Thanks for any suggestions
> -Joe
>
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
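Added example, not part of the original thread and not the netfilter code: a toy model of the rule set above, comparing per-network counters with the case the follow-up reports, where every rule ends up on counter 0. Assumptions: counter ids 0 and 1 for networks C and D, a counter that advances only when a rule matches and wraps at `--every`, ROUTE ending rule traversal, and the constructed traffic order.

```python
from collections import Counter

# Rules from the post as (destination, counter, every, packet, tunnel).
# Counter ids 0 and 1 for networks C and D are assumed; the post only shows
# "--counter 2" for network A.
RULES = [
    ("C", 0, 2, 0, "AMC_TUN1"), ("C", 0, 2, 1, "AMC_TUN2"),
    ("D", 1, 2, 0, "TB_TUN1"), ("D", 1, 2, 1, "TB_TUN2"),
    ("A", 2, 3, 0, "ASI_TEST_TUN1"), ("A", 2, 3, 1, "ASI_TEST_TUN2"),
    ("A", 2, 3, 2, "ASI_TEST_TUN3"),
]


def simulate(traffic, shared):
    """Return a Counter of (destination, tunnel) for a list of destinations.

    shared=True models every rule landing on counter 0, as the post reports.
    """
    state = Counter()   # counter id -> current value
    result = Counter()
    for dest in traffic:
        chosen = "unrouted"  # no ROUTE rule matched; packet falls through
        for rule_dest, cid, every, packet, tunnel in RULES:
            cid = 0 if shared else cid
            if rule_dest == dest and state[cid] == packet:
                # Assumed semantics: the counter advances only on a match and
                # wraps at 'every'; ROUTE ends traversal for this packet.
                state[cid] = (state[cid] + 1) % every
                chosen = tunnel
                break
        result[(dest, chosen)] += 1
    return result


TRAFFIC = ["A", "C", "D"] * 4  # constructed interleaving of destinations

if __name__ == "__main__":
    for shared in (False, True):
        print("shared counter" if shared else "separate counters")
        for (dest, tunnel), n in sorted(simulate(TRAFFIC, shared).items()):
            print(f"  network {dest}: {tunnel} x{n}")
```

In this model a shared counter left at 2 by network A traffic matches neither `--packet 0` nor `--packet 1` of the two-tunnel networks, so their packets skip the ROUTE rules until another network A packet resets it, while network A always finds a matching rule.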