On Thursday 22 February 2007 01:57, Ming-Ching Tiew wrote:
> From: "Ming-Ching Tiew" <mingching.tiew@xxxxxxxxxxx>
>
> > I would say it would be better to re-order the iptables command :-
> >
> > #restore mark before ROUTING decision
> > iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
> > #by-pass rules if it is already MARKed
> > iptables -t mangle -A POSTROUTING -m mark --mark ! 0 -j ACCEPT
> > #1st packets(from a connection) will arrive here
> > iptables -t mangle -A POSTROUTING -o eth1 -j MARK --set-mark 0x1
> > iptables -t mangle -A POSTROUTING -o eth2 -j MARK --set-mark 0x2
> > iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark
> >
> > ie restore-mark is moved to the top.
>
> On more careful reading, I am wondering why it is using POSTROUTING ?
>
> Shouldn't it all be PREROUTING ?

_NO_, because I need 'multipath routing' to make the 'weighted routing decision' in the first packet of each new connection. Once it is routed, all the other packets from the same flow are hacked in PREROUTING: their marks are restored and ip rule guarantees that they will go by the same gateway as the first packet.

This solution works in theory and in practice, so plz, get your hands dirty before you post your next great idea.

--
Luciano
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
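
The packet path discussed in this thread, as a small Python model added here for illustration (not code from the thread or its participants). It shows why the mark can only be set in POSTROUTING, after routing has picked the interface, and why restoring it in PREROUTING pins later packets to the same gateway. The equal weights, the flow tuples and the `save_mark` switch are constructed assumptions.

```python
import random

# Assumed for illustration: equal nexthop weights; marks follow the quoted rules.
MARK_OF = {"eth1": 0x1, "eth2": 0x2}   # -o ethN -j MARK --set-mark N
WEIGHT = {"eth1": 1, "eth2": 1}        # hypothetical multipath weights


class Router:
    """Toy model of the mangle PREROUTING -> routing -> mangle POSTROUTING path."""

    def __init__(self, seed=0, save_mark=True):
        self.connmark = {}              # conntrack entry -> saved connection mark
        self.rng = random.Random(seed)
        self.save_mark = save_mark      # False models a ruleset without --save-mark

    def route(self, mark):
        # "ip rule": a packet carrying a mark is routed via that mark's gateway.
        for dev, m in MARK_OF.items():
            if m == mark:
                return dev
        # Unmarked packet: weighted multipath decision. Model assumption: the
        # choice is re-drawn per packet (the kernel route cache is not modelled).
        devs = list(WEIGHT)
        return self.rng.choices(devs, weights=[WEIGHT[d] for d in devs])[0]

    def forward(self, flow):
        mark = self.connmark.get(flow, 0)      # PREROUTING: CONNMARK --restore-mark
        dev = self.route(mark)                 # routing decision sees the mark
        if mark == 0:                          # POSTROUTING: marked packets are ACCEPTed
            mark = MARK_OF[dev]                # mark by the interface routing chose
            if self.save_mark:
                self.connmark[flow] = mark     # CONNMARK --save-mark
        return dev


def uplinks_per_flow(router, flows, packets=40):
    """Return {flow: set of uplinks its packets left through}."""
    return {f: {router.forward(f) for _ in range(packets)} for f in flows}


if __name__ == "__main__":
    # Constructed sample flows: (src, sport, dst, dport).
    flows = [("10.0.0.%d" % i, 40000 + i, "203.0.113.9", 443) for i in range(1, 9)]
    for name, r in (("with save-mark", Router()), ("without", Router(save_mark=False))):
        print(name, {f[0]: sorted(u) for f, u in uplinks_per_flow(r, flows).items()})
```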