Re: Load-balancing. Two IPs from one ISP

Linux Advanced Routing and Traffic Control

> On Tue, 2006-03-28 at 11:27 +0200, sAwAr wrote:
> > > That's your problem. The Linux box with multiple gateways needs NAT. At
> > > least that was a requirement back in the day. Pretty sure nothing has
> > > changed there. Part of what Julian's patches address as well.
> > >
> > > When I had a setup like yours, I did two rounds of NAT/PAT. Once in
> > > each of the routers, then again in the Linux router for the multiple
> > > gateway thing to work.
> > >
> > > Try doing NAT in your Linux box as well, and you should see some better
> > > results.
> >
> > Yes, I've tried it. I did it with
> > -A POSTROUTING -s 192.168.200.10 -o eth0 -j SNAT --to-source 80.48.56.70
> > -A POSTROUTING -s 80.48.56.70 -o eth1 -j SNAT --to-source 192.168.200.10
> >
> > And it was working; at least the connections with a bad src IP were NATed
> > and they weren't dropped by the ISP routers due to the wrong src IP. It
> > happened when, for example, the router with IP 80.48.56.65 received a packet
> > from 192.168.200.10. The NAT really helped. However, with this solution my
> > connections are NATed and I won't be able to make direct connections,
> > i.e. p2p, will I?
>
> Sure you can, you just need to set up PAT via DNAT, along with SNAT. You're
> doing translation from inside out, for P2P or serving stuff. You need to
> have translation from the outside in as well.
>
> > But why does this happen? In my opinion there is still some bug, because
> > the gw should change on each "hop" like the src address is changing.
>
> Well, the request goes back out the interface it came in, if the request
> was initiated from the outside. If it's initiated from the inside and
> there is nothing in cache, then each time it tries to send something
> out from the inside, it should use a different gateway.
>
> However, if it sends a request out one interface, and that route is
> cached, it might send out a few more till the cache expires. Then it will
> switch to the other interface.
>
> > NAT only fixes the wrong src address but does not resolve this problem... or
> > maybe this is the normal behaviour of load-balancing? I don't think so...
>
> It really is by design, since if someone on the remote end is expecting a
> response from one IP, responding from another is no good.
>
>
> If I understood the problem correctly.

>
> Sure you can, you just need to set up PAT via DNAT, along with SNAT. You're
> doing translation from inside out, for P2P or serving stuff. You need to
> have translation from the outside in as well.

I believe that I can do it correctly, but I have to say that I don't understand why?

> Well, the request goes back out the interface it came in, if the request
> was initiated from the outside. If it's initiated from the inside and
> there is nothing in cache, then each time it tries to send something
> out from the inside, it should use a different gateway.

According to:
http://lartc.org/howto/lartc.rpdb.multiple-links.html
This setup is responsible for sending the answer out through the proper interface (the one on which it came in).
    ip route add $P1_NET dev $IF1 src $IP1 table T1
    ip route add default via $P1 table T1
    ip route add $P2_NET dev $IF2 src $IP2 table T2
    ip route add default via $P2 table T2

    ip route add $P1_NET dev $IF1 src $IP1
    ip route add $P2_NET dev $IF2 src $IP2

    ip route add default via $P1

    ip rule add from $IP1 table T1
    ip rule add from $IP2 table T2

My setup is a copy of this (with some things from http://www.ssi.bg/~ja/nano.txt, but without them it still didn't work):
    ip route replace 192.168.0.0/16 proto static dev eth1 src 192.168.200.10 table wew
    ip route replace default via 192.168.1.1 dev eth1 src 192.168.200.10 proto static table wew
    ip route append prohibit default table wew metric 1 proto static

    ip route replace 80.48.56.64/26 proto static dev eth0 src 80.48.56.70 table zew
    ip route replace default via 80.48.56.65 dev eth0 src 80.48.56.70 proto static table zew
    ip route append prohibit default table zew metric 1 proto static

    ip rule add prio 10 table main
    ip rule add prio 100 table brama
    ip rule add prio 50 from 80.48.56.64/26 table zew
    ip rule add prio 60 from 192.168.0.0/16 table wew

    ip route del default table main
    ip route flush cache

The only difference is that I've changed the table of the default gateway from main to "brama", but of course I have tried with the original setup with no luck. So it doesn't cause any problem.

When I use
    ip route add default via 192.168.1.1 table brama
or instead
    ip route add default via 80.48.56.65 table brama

everything is correct. I can connect from my box, and the incoming (new) connections are correctly sent back with the right interface and src IP.
However, I can use only one gw, so all my (new) connections which are sent out are sent via only 1 gw.

The problem is when I set up multipath instead of a default gw with:

ip route replace default table brama scope global nexthop via 192.168.1.1 dev eth1 nexthop via 80.48.56.65 dev eth0


According to
http://lartc.org/howto/lartc.rpdb.multiple-links.html
this should be enough to send new outgoing connections (not responses to connections from outside; they are routed in the proper way, as I wrote above) through 2 gw, each new connection through one of them, and in this way make load-balancing. In my case the system tries to use only one gw, !!NOT TWO!!, with two different src IPs: once it is 192.168.200.10, next 80.48.56.70, next 192.168.200.10... So I'm still saying that there is something wrong with the config or something else. If I set NAT I can connect without problem, but still only ONE GW is used, but the wrong src IP is mapped to the right src IP of the outgoing interface.

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
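
The configuration discussed in this thread, restated as an added example that is not part of the original message: a dry-run script that prints the per-uplink tables, the multipath default and the per-interface SNAT rules, then checks that every multipath nexthop device has an SNAT rule. Addresses, devices and table names are the ones quoted in the thread; the function names are hypothetical and nothing is executed against the system.

```shell
#!/bin/sh
# Added example: prints the commands only, it does not run ip or iptables.
# Addresses, devices and table names (wew, zew, brama) are those quoted in the thread.

# uplink TABLE DEV NET SRC GW PRIO
# Per-uplink table plus a source rule, so replies leave through the uplink
# whose address they carry.
uplink() {
    echo "ip route replace $3 dev $2 src $4 table $1"
    echo "ip route replace default via $5 dev $2 src $4 table $1"
    echo "ip rule add prio $6 from $3 table $1"
}

# snat DEV OWN_IP OTHER_IP
# A packet that carries OTHER_IP as source but leaves via DEV is rewritten to
# DEV's own address, so the upstream router does not drop it.
snat() {
    echo "iptables -t nat -A POSTROUTING -s $3 -o $1 -j SNAT --to-source $2"
}

# plan: the whole configuration, in the order used in the thread.
plan() {
    uplink wew eth1 192.168.0.0/16 192.168.200.10 192.168.1.1 60
    uplink zew eth0 80.48.56.64/26 80.48.56.70 80.48.56.65 50
    echo "ip rule add prio 10 table main"
    echo "ip rule add prio 100 table brama"
    echo "ip route replace default table brama scope global nexthop via 192.168.1.1 dev eth1 nexthop via 80.48.56.65 dev eth0"
    snat eth0 80.48.56.70 192.168.200.10
    snat eth1 192.168.200.10 80.48.56.70
    echo "ip route flush cache"
}

# missing_snat: reads a plan on stdin and prints every multipath nexthop
# device that has no SNAT rule; prints nothing when all are covered.
missing_snat() {
    p=$(cat)
    for dev in $(printf '%s\n' "$p" |
        awk '/nexthop/ { for (i = 1; i < NF; i++) if ($i == "dev") print $(i + 1) }'); do
        printf '%s\n' "$p" | grep -q -- "-o $dev -j SNAT" || echo "$dev"
    done
}

plan
plan | missing_snat
```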

