Hi.

Contents:
1) Introduction
2) 2 Questions

* Introduction:

I used this HOWTO to use multiple providers.

http://lartc.org/howto/lartc.rpdb.multiple-links.html

The box is a load balancer, using the Linux Virtual Server. We have a problem with lost connections, and it seems you get issues when you combine this setup with DNAT [1].

The proposed solution [1] is to use these rules to mark packages with the conntrack module ... so I guess you mark all the packages that belong to the connection when it's established (and every package before they get DNATted).

    # iptables -t mangle -A PREROUTING -m conntrack --ctorigdst $IP1 -j MARK --set-mark=1
    # iptables -t mangle -A PREROUTING -m conntrack --ctorigdst $IP2 -j MARK --set-mark=2

And then use the mark to route the outgoing packages correctly.

    # ip rule add fwmark 1 table T1
    # ip rule add fwmark 2 table T2

[1] (Spanish) http://bulma.net/body.phtml?nIdNoticia=2145&nIdPage=last

* Questions

- Has anybody on this list experienced similar problems?

- I haven't tried this solution but I will today. I'd like to know if there's a way to solve this problem without using fwmark. I'm using fwmarks already to ease the configuration of keepalived and I'll need to find a workaround to another problem if I have to use fwmarks. It is: I have 2 redundant routers and I use heartbeat to set up the real (internet) IPs.

http://cgi.afc.no-ip.info/svnwiki.cgi/default/Keepalived%20with%20fwmark%20and%20no%20VIP

Regards,
Nelson.-

BTW: There should be a warning in the HOWTO for this DNAT issue, since this setup is fairly common (I guess).

--
Homepage : http://geocities.com/arhuaco

The first principle is that you must not fool yourself
and you are the easiest person to fool.
     -- Richard Feynman.
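
A small model of the problem described in the message above, added here as an illustration (not code from the original post or from the HOWTO): it walks the reply of a DNATed connection through the HOWTO's source-based rules and through the fwmark rules quoted in the post. All addresses and function names are constructed; the model assumes the routing decision sees the reply before its source address is translated back to the public IP.

```python
from dataclasses import dataclass

# Constructed addresses (documentation ranges), not from the original post.
IP1, IP2 = "192.0.2.10", "198.51.100.10"   # router address on provider 1 / 2
REAL_SERVER, CLIENT = "10.0.0.5", "203.0.113.7"
MARKS = {IP1: 1, IP2: 2}                   # --ctorigdst $IPn -> --set-mark n

@dataclass
class Conn:
    """A conntrack entry covering both directions of one DNATed connection."""
    orig_src: str
    orig_dst: str      # address the client dialled; what --ctorigdst matches
    reply_src: str     # real server chosen by DNAT

@dataclass
class Packet:
    src: str
    dst: str
    mark: int = 0

def mangle_prerouting(pkt, table):
    """Apply the post's two mangle rules: mark by the connection's original dst."""
    for c in table:
        if (pkt.src, pkt.dst) in {(c.orig_src, c.orig_dst), (c.reply_src, c.orig_src)}:
            pkt.mark = MARKS.get(c.orig_dst, 0)
    return pkt

def route(pkt, rules):
    """Walk the ip rules in order; the first match picks the table, else 'main'."""
    for kind, value, table in rules:
        if (kind == "from" and pkt.src == value) or (kind == "fwmark" and pkt.mark == value):
            return table
    return "main"

def reply_path(rules, use_marks):
    """Table chosen for the real server's reply to a client that dialled IP2."""
    conns = [Conn(CLIENT, IP2, REAL_SERVER)]
    # At routing time the reply still carries the real server's private
    # source address, so a "from $IP2" rule cannot match it.
    pkt = Packet(src=REAL_SERVER, dst=CLIENT)
    if use_marks:
        mangle_prerouting(pkt, conns)
    return route(pkt, rules)

SOURCE_RULES = [("from", IP1, "T1"), ("from", IP2, "T2")]   # HOWTO-style rules
MARK_RULES = [("fwmark", 1, "T1"), ("fwmark", 2, "T2")]     # rules from the post

if __name__ == "__main__":
    print("source rules:", reply_path(SOURCE_RULES, use_marks=False))  # main
    print("fwmark rules:", reply_path(MARK_RULES, use_marks=True))     # T2
```

With the source-based rules the reply falls through to the main table's default route regardless of which provider the client came in on; with the marks it is routed by the address the client originally dialled.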