Hi,
Thanks Jason for the solution. With CONNMARK, I was able to route the
packets properly.
Yeah, the problem was seen only for SSH sessions; I did not see the
problem with the Telnet and Ping sessions. TOS could be the answer to that.
The only change I had to make as far as the CONNMARK solution was that in the
PREROUTING chain, I had to add the rule with "-i eth0" where eth0 is my
LAN, otherwise the return packets were not reaching the box in the LAN.
Thanks and Regards,
Vinod C
Raj Mathur wrote:
"Jason" == Jason Boxman <jasonb@xxxxxxxxxx> writes:
Jason> Luciano Ruete wrote: <snip>
>> Besides that, you need to solve the problems that multipath
>> will raise, like the TOS situation described above or route cache
>> expiration, that could make long-term conns be routed over a
>> new iface. The solutions I know are CONNMARK (kernel >= 2.6.12)
>> and Julian's patches[1]. Personally I prefer CONNMARK.
Jason> Could you elaborate a little more on the CONNMARK method?
I second that motion -- not too clear on the interaction between SNAT,
multiple interfaces, multiple default routes and CONNMARK </aol
mode="metoo">. If someone could take out the time to make a complete
example with (say) 2 outgoing interfaces, I promise a small GPL script
in exchange which would automate the whole process.
Actually the script's already made, but it doesn't use CONNMARK and
suffers from the problems Jason describes and as documented in:
http://mailman.ds9a.nl/pipermail/lartc/2006q1/018220.html
Regards,
-- Raju
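A worked version of the two-uplink setup Raj asks for, as an added example that is not part of the original thread or anyone's script: interface names, gateways, table numbers and marks are placeholders, and the uplink is chosen per new connection rather than per packet so a session keeps its interface.

```shell
#!/bin/sh
# Added example, not from the thread: CONNMARK policy routing for a box with
# one LAN (eth0) and two uplinks (eth1, eth2). Interface names, gateways,
# table and mark numbers are placeholders; gateways are RFC 5737 addresses.
# Commands are printed by default; run as root with APPLY=1 to execute them.
LAN=eth0
WAN1=eth1; GW1=192.0.2.1;    TBL1=101; MARK1=1
WAN2=eth2; GW2=198.51.100.1; TBL2=102; MARK2=2

run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

connmark_rules() {
    # One routing table per uplink; fwmark N steers a packet into table TBLN.
    run ip route add default via "$GW1" dev "$WAN1" table "$TBL1"
    run ip route add default via "$GW2" dev "$WAN2" table "$TBL2"
    run ip rule add fwmark "$MARK1" table "$TBL1"
    run ip rule add fwmark "$MARK2" table "$TBL2"
    # LAN traffic only (the "-i eth0" from Vinod's fix): copy the connection's
    # saved mark onto the packet, so an established SSH session keeps the
    # uplink it started on instead of following the route cache.
    run iptables -t mangle -A PREROUTING -i "$LAN" -j CONNMARK --restore-mark
    # Still mark 0 means a new connection: alternate uplinks per connection.
    run iptables -t mangle -A PREROUTING -i "$LAN" -m mark --mark 0 \
        -m statistic --mode nth --every 2 --packet 0 -j MARK --set-mark "$MARK1"
    run iptables -t mangle -A PREROUTING -i "$LAN" -m mark --mark 0 -j MARK --set-mark "$MARK2"
    # Persist the choice on the conntrack entry for the rest of the connection.
    run iptables -t mangle -A PREROUTING -i "$LAN" -j CONNMARK --save-mark
    # Connections arriving on an uplink are tied to that uplink, so replies
    # from LAN hosts (after restore-mark above) leave the way they came in.
    run iptables -t mangle -A PREROUTING -i "$WAN1" -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK1"
    run iptables -t mangle -A PREROUTING -i "$WAN2" -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK2"
    # The router's own packets: reuse the connection mark too.
    run iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
    # Source NAT per uplink so each connection's replies return to the same link.
    run iptables -t nat -A POSTROUTING -o "$WAN1" -j MASQUERADE
    run iptables -t nat -A POSTROUTING -o "$WAN2" -j MASQUERADE
}

connmark_rules
```

The main table still needs a default route for traffic that carries no mark, and the uplinks need the kernel's reverse-path filter relaxed, otherwise packets accepted on one uplink for a connection routed via the other are dropped.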
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc