On Wednesday 16 August 2006 10:11, Jacques Rompen wrote:
> On 8/14/06, Luciano Ruete <luciano@xxxxxxxxxxxxx> wrote:
> > On Monday 14 August 2006 12:42, Jacques Rompen wrote:
> > > OK, I've been trying to get this to work for about half a year now.
> > > I've searched all over the internet for a solution for my problem.
> > > I've found some solutions, but they only led me to yet more
> > > problems.
> > >
> > > What we want to do is the following:
> > > I live in a student complex with 7 other people. Every room has its
> > > own internet connection from the same ISP. IP, gateway and subnet
> > > are assigned through DHCP on a MAC-address basis. Every internet
> > > connection is capped at 20mbit up/down.
> > > We want to get all computers on an internal network. So we need some
> > > sort of router that accepts all 8 internet connections and routes it
> > > out over a gbit NIC -> switch -> internal network.
> > > So we have a computer with 10 NICs and "hopefully" enough internal
> > > bandwidth.
> >
> > One simple solution is in this post [1] (read the whole thread if you
> > want context). Basically it uses iptables CONNMARK to remember to
> > which iface (and certainly which src IP) each connection flow belongs.
> >
> > You will have to use the same gw on all ifaces; maybe the ip route
> > "onlink" option (command line) makes your script simpler. No need to
> > use Julian's patch, and certainly DO NOT USE
> > CONFIG_IP_ROUTE_MULTIPATH_CACHED in your kernel config.
> >
> > Feel free to post any doubts.
> >
> > Greets.
> >
> > [1] http://mailman.ds9a.nl/pipermail/lartc/2006q2/018964.html
> > --
> > Luciano
>
> Hi Luciano,
>
> I've tried the above solution, but with Julian's patch instead of
> connmark.
> It didn't work then because this part of the script:
>
> ip ro add default nexthop via x.x.x.x dev eth1 weight 1 nexthop via y.y.y.y dev eth2
> ip route add default table provider1 via x.x.x.x dev eth1
> ip route add default table provider2 via y.y.y.y dev eth2
> # and most important
> ip rule add fwmark 0x1 table provider1
> ip rule add fwmark 0x2 table provider2
>
> somehow looked at the default gateway x.x.x.x or y.y.y.y instead of at
> the "dev ethx".
> Because the gateway addresses were both the same (x.x.x.x = y.y.y.y), all
> the outgoing packets were routed out over eth1.

OK, what if you try with onlink:

ip ro add default nexthop via x.x.x.x dev eth1 onlink nexthop via x.x.x.x dev eth2 onlink

and so on...

> I'm not totally sure, but the connmark lines only make sure that packets
> that go out over some NIC get back over the same NIC? Or do they in fact
> fix the "same gateway" problem?

You are right, connmark does not solve the "same gw" problem; connmark is
to guarantee that packets that belong to a session dialog keep the same
src address. There is no need to patch the kernel, and it works perfectly
well.

> This is why I tried to get the script from my first post with random
> match to work. This guy does exactly what I need to do, but somehow I
> can't get random match to work. You think I should use a 2.6 or a 2.4
> kernel?

I heavily recommend you use a 2.6 CONNMARK-enabled kernel, without
Julian's patchset and without setting CONFIG_IP_ROUTE_MULTIPATH_CACHED
(turn it off); in my experience this is the simplest and robust solution.
The iptables random module comes with the 2.6 stock kernel (at least now I
can confirm 2.6.8 and above, but I think all 2.6). If the onlink tip does
not work, you can compile a 2.6 kernel with random enabled and try again.
You can post the script that you are using; it should combine
PREROUTING -j MARK rules with ip ru add fw MARK table mytableX.

--
Luciano
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
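
One way to combine the pieces discussed in this thread (onlink routes for uplinks that share a gateway, per-uplink tables selected by fwmark, and CONNMARK to pin each flow to its uplink), as an added example that is not a script from the thread or the linked post. It only prints the commands; the LAN interface eth0, the table numbers 101 and up, and the documentation address 192.0.2.1 are assumptions.

```shell
#!/bin/sh
# Dry-run generator: prints the ip/iptables commands, executes nothing.
# Assumptions (not from the thread): eth0 is the LAN side, the remaining
# arguments are the uplink devices, and routing tables 101.. are unused.
# usage: gen_multiwan GATEWAY UPLINK_DEV...
gen_multiwan() {
    gw=$1; shift
    i=0
    hops=""
    # Later packets of a known flow coming from the LAN: copy the
    # connection mark back onto the packet so the fwmark rules apply.
    echo "iptables -t mangle -A PREROUTING -i eth0 -j CONNMARK --restore-mark"
    for dev in "$@"; do
        i=$((i + 1))
        table=$((100 + i))
        # onlink makes the kernel accept the same gateway on every device.
        echo "ip route add default via $gw dev $dev onlink table $table"
        echo "ip rule add fwmark $i table $table"
        # First packet of a flow: record which uplink the multipath
        # default route picked, so the flow keeps its source address.
        echo "iptables -t mangle -A POSTROUTING -o $dev -m conntrack --ctstate NEW -j CONNMARK --set-mark $i"
        # Every uplink has its own DHCP address, so NAT per device.
        echo "iptables -t nat -A POSTROUTING -o $dev -j MASQUERADE"
        hops="$hops nexthop via $gw dev $dev onlink weight 1"
    done
    # Unmarked (new) flows are spread over all uplinks by the main table.
    echo "ip route add default$hops"
}

# Constructed sample: two uplinks behind the same gateway.
gen_multiwan 192.0.2.1 eth1 eth2
```

Review the printed commands before running them as root; traffic originated by the router itself is not covered by this sketch.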