From: "Luciano Ruete" <luciano@xxxxxxxxxxxxx>

> > The solution is to use CONNTRACK from iptables, full example described in
> > this[1] e-mail from the archive. No patches needed.
> >
> > [1] http://mailman.ds9a.nl/pipermail/lartc/2006q2/018964.html
>

I think you mean CONNMARK (not CONNTRACK) from iptables?

The ever popular routing command:

> > #route commands
> > ip ro add default nexthop via x.x.x.x dev eth1 weight 1 nexthop via y.y.y.y dev eth2
>

My personal view is that one should ***NEVER*** use such a routing statement, or never give the system a chance to use such a routing statement, especially when you are doing NAT. The email example above included this routing statement, but it is not used because the 'ip rule' takes precedence. The multipath weighted, cache-based routing is problematic.

I would say it would be better to re-order the iptables commands:

    #restore mark before ROUTING decision
    iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark

    #by-pass rules if it is already MARKed
    #(negation written as "! --mark 0"; the older "--mark ! 0" form is no longer accepted by current iptables)
    iptables -t mangle -A POSTROUTING -m mark ! --mark 0 -j ACCEPT

    #1st packets (from a connection) will arrive here
    iptables -t mangle -A POSTROUTING -o eth1 -j MARK --set-mark 0x1
    iptables -t mangle -A POSTROUTING -o eth2 -j MARK --set-mark 0x2
    iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark

i.e. restore-mark is moved to the top.

I strongly recommend that the LARTC documentation be updated, especially since it encourages people to use multipath weighted routing instead of an iptables-based solution.

Cheers.

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
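The complete setup the reply describes, as an added example that is not part of the original mail: the mangle rules in the recommended order plus the 'ip rule' / 'ip route' tables that make the mark steer each connection to one interface. Gateway addresses, table numbers and the RUN/dry-run switch are constructed placeholders; by default the commands are only printed so the rule order can be reviewed before applying it.

```shell
#!/bin/sh
# Added example (not from the original mail): CONNMARK-based per-connection
# multipath setup. Gateways, interfaces and table numbers are placeholders.
WAN1_IF=eth1; WAN1_GW=192.0.2.1;    WAN1_TABLE=101
WAN2_IF=eth2; WAN2_GW=198.51.100.1; WAN2_TABLE=102

# RUN=1 executes the commands; otherwise they are printed for review.
RUN=${RUN:-0}
run() { if [ "$RUN" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi; }

# Policy routing: a packet carrying fwmark 0x1/0x2 is routed by table
# 101/102, so every packet of a marked connection leaves the same interface.
policy_routing() {
    run ip route replace default via "$WAN1_GW" dev "$WAN1_IF" table "$WAN1_TABLE"
    run ip route replace default via "$WAN2_GW" dev "$WAN2_IF" table "$WAN2_TABLE"
    run ip rule add fwmark 0x1 table "$WAN1_TABLE"
    run ip rule add fwmark 0x2 table "$WAN2_TABLE"
}

# Mangle rules in the order the reply recommends: restore the connection
# mark in PREROUTING, before the routing decision, so the ip rules see it.
# Only the first packet of a connection reaches the MARK rules; its egress
# interface is recorded with --save-mark and reused for the rest.
mangle_rules() {
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    run iptables -t mangle -A POSTROUTING -m mark ! --mark 0 -j ACCEPT
    run iptables -t mangle -A POSTROUTING -o "$WAN1_IF" -j MARK --set-mark 0x1
    run iptables -t mangle -A POSTROUTING -o "$WAN2_IF" -j MARK --set-mark 0x2
    run iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark
}

# Sanity check on the generated rule set: --restore-mark must precede every
# --set-mark, otherwise the routing decision never sees the saved mark.
# Prints "ok" when the order is right, nothing otherwise.
check_order() {
    rules=$(RUN=0 mangle_rules)
    restore=$(printf '%s\n' "$rules" | grep -n -- '--restore-mark' | cut -d: -f1)
    first_set=$(printf '%s\n' "$rules" | grep -n -- '--set-mark' | head -n1 | cut -d: -f1)
    [ -n "$restore" ] && [ -n "$first_set" ] && [ "$restore" -lt "$first_set" ] && echo ok
}

policy_routing
mangle_rules
```

Run with RUN=1 as root on the gateway once the printed commands look right; traffic originated by the gateway itself would additionally need the restore in the mangle OUTPUT chain, which the reply does not cover.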