Re: Split access, load balancing AND forwarding: HOW?

Linux Advanced Routing and Traffic Control

From: "Alex Samad" <alex@xxxxxxxxxxxx>

> hi
>
> sorry missed the previous bits of the thread, could you post the relevant info,
> interested to see how this works and why you would pick it over the multipath
> method

Please note my checking of marked traffic is not (according to the earlier posts)

> iptables -t mangle .... -m mark  --mark ! 0 -j ACCEPT

However, it is :-

> iptables -t mangle  .... -m mark  ! --mark  0 -j ACCEPT

I leave it to you guys to decide which is the correct syntax.

The code below is taken from part of my bigger code :-

Cheers.
---------------------code-------------------------------------------

LINK1_MARK=5
LINK2_MARK=7
# probability that a new inside connection is sent out via link2 (used by -m statistic below)
OUTSIDE_DEV2_WEIGHT=0.5
INSIDE_DEVICE=eth0
OUTSIDE_DEVICE=eth1
OUTSIDE_DEVICE2=eth2

SAVEMARK="-m mark ! --mark 0 -j CONNMARK --save-mark"
ACCEPTMARK="-m mark ! --mark 0 -j ACCEPT"
SETMARK1="-j MARK --set-mark ${LINK1_MARK}"
SETMARK2="-j MARK --set-mark ${LINK2_MARK}"
#
#first, restore and accept the mark if there is any
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING ${ACCEPTMARK}
#handle inbound for link1
iptables -t mangle -A PREROUTING -i ${OUTSIDE_DEVICE} ${SETMARK1}
iptables -t mangle -A PREROUTING -i ${OUTSIDE_DEVICE} ${SAVEMARK}
iptables -t mangle -A PREROUTING ${ACCEPTMARK}
#handle inbound for link2
iptables -t mangle -A PREROUTING -i ${OUTSIDE_DEVICE2} ${SETMARK2}
iptables -t mangle -A PREROUTING -i ${OUTSIDE_DEVICE2} ${SAVEMARK}
iptables -t mangle -A PREROUTING ${ACCEPTMARK}

# (other features implementation snipped )

#handle recent outbound
iptables -t mangle -A PREROUTING -i ${INSIDE_DEVICE} -m recent --name link1 \
 --update --seconds 300 ${SETMARK1}
iptables -t mangle -A PREROUTING -i ${INSIDE_DEVICE} -m recent --name link2 \
 --update --seconds 300 ${SETMARK2}
iptables -t mangle -A PREROUTING -i ${INSIDE_DEVICE} ${SAVEMARK}
iptables -t mangle -A PREROUTING ${ACCEPTMARK}
#
#non-recent outbound randomly allocated
#
iptables -t mangle -A PREROUTING -i ${INSIDE_DEVICE} \
  -m statistic --mode random --probability ${OUTSIDE_DEV2_WEIGHT} \
  -m recent --name link2 --set ${SETMARK2}
iptables -t mangle -A PREROUTING -i ${INSIDE_DEVICE} ${SAVEMARK}
iptables -t mangle -A PREROUTING ${ACCEPTMARK}
iptables -t mangle -A PREROUTING -i ${INSIDE_DEVICE} \
  -m recent --name link1 --set ${SETMARK1}
iptables -t mangle -A PREROUTING -i ${INSIDE_DEVICE} ${SAVEMARK}
iptables -t mangle -A PREROUTING ${ACCEPTMARK}




_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
