Re: firewall problem

Linux Advanced Routing and Traffic Control

On 3/14/06, William L. Thomson Jr. <wlt@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Tue, 2006-03-14 at 17:49 +0200, Erez D wrote:
> >
> > coming to think of it, only one outgoing link was nat. could this be
> > the problem ?
>
> Very possible. I know it was a requirement of the time. Very well could
> be what's holding you back from load balancing.
>
> > source routing works well
> > I wanted to connect all my company to link1 (default)
> > internet via the other link - redirected all web to a proxy on the link2 network
> >
> > however, I wanted one computer to go via link2 (source routing)
> > and all my SIP traffic also via link2 (mark them via iptables, then use fwmark)
>
> Ah so a particular service period on any net, interface you want to use
> a particular link. Makes sense.
>
> > the actual problem I refer to is SIP traffic: my SIP box
> > (192.168.0.20) connects to my
> > home computer via the internet.
> > on the way, my company's firewall marks the packet with fwmark
> > and 'ip rule' routes all packets with this fwmark to table2
> > table2 has a default route via link2 isp.
> >
> > also the POSTROUTING chain has a SNAT rule on ppp0 which is link2's interface
> >
> > but the packet outgoing via ppp0 has 192.168.0.20 as source ip
> > other packets traversing via ppp0 - for them SNAT works.
> >
> > so it is something to do with ip rule and so
>
> Not sure I am clear with the problem, but rules are traversed in order.
> So if your source rule is before your fwmark rule, it's going to use the
> one before the other. But pretty sure I am missing the problem.
>

the fwmark rule is on the PREROUTING chain,
the SNAT is on the POSTROUTING chain,
so the order is ok.

the problem is:

all traffic that traverses lan -> eth0 -> ppp0 -> internet:
should change the source ip when outgoing from ppp0 to the internet,
and so it does

but, sipbox -> lan -> eth0 -> ppp0 -> internet:
the outgoing packets from ppp0 have the ip 192.168.0.20, which is the ip
of my sipbox,
instead of my internet ip, which is specified in the SNAT rule

the difference is that all the traffic outgoing via ppp0 is
because of source NAT,
except the sipbox, which is going via fwmark

iptables:

iptables -t mangle -A PREROUTING -s 192.168.0.20 -p udp --sport $SIPPORT -j MARK --set-mark 0x990
iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to $my_link2_ip


ip rule:

10: from all lookup local
20: from 192.168.0.10 lookup isp2
30: from all fwmark 0x990 lookup isp2
40: from all lookup main
50: from all lookup default

prio 20 works well (SNAT is activated)
prio 30 does not work (routing is ok, SNAT not activated)



thanks,
erez.
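An added diagnostic, not part of the thread or of LARTC: it assumes conntrack-tools' "conntrack -L" listing format and relies on Netfilter deciding NAT once per connection, on its first packet, so a flow whose entry was created before it was steered onto ppp0 stays un-SNATed for its lifetime (the symptom above: routing correct, SNAT not applied). The listing in SAMPLE is constructed, not captured.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes conntrack-tools
# "conntrack -L" output; SAMPLE below is constructed, not captured.
#
# Netfilter chooses NAT for a connection once, on its first packet, and
# keeps that choice in the conntrack entry. A UDP SIP flow whose entry
# was created while it still left via link1 (no SNAT on that path) keeps
# "no SNAT" even after the fwmark rule moves it onto ppp0.

# Print the original tuple of every entry from the given LAN host whose
# reply tuple's dst still equals the original src, i.e. no SNAT applied.
# Usage: unnatted_flows <lan-host-ip> < conntrack-listing
unnatted_flows() {
    awk -v host="$1" '
    {
        n = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/)   { n++; src[n]   = substr($i, 5) }
            if ($i ~ /^dst=/)   {      dst[n]   = substr($i, 5) }
            if ($i ~ /^sport=/) {      sport[n] = substr($i, 7) }
            if ($i ~ /^dport=/) {      dport[n] = substr($i, 7) }
        }
        # tuple 1 is the original direction, tuple 2 the reply direction
        if (n == 2 && src[1] == host && dst[2] == src[1])
            printf "%s %s:%s -> %s:%s\n", $1, src[1], sport[1], dst[1], dport[1]
    }'
}

# Emit the conntrack-tools deletions that would drop those stale entries,
# so the next packet gets a fresh NAT decision after routing (needs root).
stale_delete_cmds() {
    unnatted_flows "$1" | awk '{
        split($2, s, ":"); split($4, d, ":")
        printf "conntrack -D -p %s -s %s --sport %s -d %s --dport %s\n", $1, s[1], s[2], d[1], d[2]
    }'
}

# Constructed listing: two sipbox flows still un-SNATed, one flow from
# 192.168.0.10 and one sipbox flow correctly SNATed to 192.0.2.9.
SAMPLE='udp      17 29 src=192.168.0.20 dst=203.0.113.5 sport=5060 dport=5060 src=203.0.113.5 dst=192.168.0.20 sport=5060 dport=5060 mark=0 use=1
udp      17 170 src=192.168.0.20 dst=203.0.113.5 sport=5060 dport=10000 src=203.0.113.5 dst=192.168.0.20 sport=10000 dport=5060 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.0.10 dst=198.51.100.7 sport=40000 dport=80 src=198.51.100.7 dst=192.0.2.9 sport=80 dport=40000 [ASSURED] mark=0 use=1
udp      17 29 src=192.168.0.20 dst=203.0.113.9 sport=5060 dport=5060 src=203.0.113.9 dst=192.0.2.9 sport=5060 dport=5060 mark=0 use=1'

printf '%s\n' "$SAMPLE" | unnatted_flows 192.168.0.20
printf '%s\n' "$SAMPLE" | stale_delete_cmds 192.168.0.20
```

On a live box, replace the constructed SAMPLE with `conntrack -L | unnatted_flows 192.168.0.20`; a non-empty result after the fwmark and SNAT rules are loaded points at stale entries rather than at rule order.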



> --
> Sincerely,
> William L. Thomson Jr.
> Obsidian-Studios, Inc.
> http://www.obsidian-studios.com
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

