Load Balance and SNAT problem.

Linux Advanced Routing and Traffic Control

I am developing a load balancing router, but I have a question about failover.
The following diagram shows my test environment and scripts.
-------------------------------------------------------------------
Environment Setting 
                                         
                 PC1(192.168.10.2)
                         |
                       (LAN)
                         |
               PC2-eth2( 192.168.10.1)
                +               +
  PC2-eth0(111.111.111.2)    PC2-eth1(222.222.222.2)
                |               |
              (WAN1)          (WAN2)
                |               |
  PC3-eth0(111.111.111.1)    PC3-eth1(222.222.222.1)
                +               +
               PC2-eth2(172.16.0.1)

PC2-Linux Kernel 2.6.21
PC2-Iptables 1.3.7


-------------------------------------------------------------------
Iptables rules:

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 111.111.111.2
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 222.222.222.2

# table 101
ip route flush table 101
ip route add 192.168.10.0/24 dev eth2 table 101
ip route add default via 111.111.111.1 dev eth0 table 101

# table 102
ip route flush table 102
ip route add 192.168.10.0/24 dev eth2 table 102
ip route add default via 222.222.222.1 dev eth1 table 102

ip rule del fwmark 1 table 101
ip rule del fwmark 2 table 102
ip rule add fwmark 1 table 101
ip rule add fwmark 2 table 102

iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m state --state NEW -m statistic --mode nth --every 2 --packet 1 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m state --state NEW -m statistic --mode nth --every 2 --packet 2 -j MARK --set-mark 2
iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark

-----------------------------------------------------------------------------
Test Sequence:

1. Run the command "ping 172.16.0.1 -t" on PC1.
2. I capture packets on WAN1 and WAN2; it works fine.
   The ICMP request/response comes out on WAN1 and WAN2 alternately.
3. I unplug WAN1. Only the packets on WAN1 will be lost, but WAN2 should work, right?
   I should see "ping Time Out" and "ping OK" on PC1 alternately.
4. But both connections break. It is always "ping Time Out" on PC1.
5. After capturing the packets on WAN1 and WAN2, I saw a weird behavior.
   The source IP of the packets on WAN2 is 111.111.111.2, but it should be 222.222.222.2.
   That is why WAN2 breaks.
-----------------------------------------------------------------------------
Could you give me a suggestion?
Thanks.
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
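An added note on the symptom in step 5, not part of the post above and not written by its author: netfilter chooses a NAT mapping when it sees the first packet of a connection and stores that mapping in the conntrack entry; every later packet of the same connection is rewritten with the stored mapping, whatever interface it is routed out of after a link change. So a flow that was SNATed to 111.111.111.2 keeps that source address even once it is rerouted out eth1. The helper script below, written for this reply, shows the two things a failover step has to do for the setup above: drop the fwmark rule of the dead WAN and delete the conntrack entries bound to its SNAT address. Interface names, tables, marks, gateways and addresses are taken from the post; the conntrack(8) tool from conntrack-tools is an assumption (the post does not mention it), and with DRY_RUN=1 (the default) the commands are printed rather than executed, so the script can be inspected without root.

```shell
#!/bin/sh
# Added example for the two-WAN setup in the post; not the poster's script.
# Assumptions: conntrack(8) from conntrack-tools is installed; addresses,
# tables and marks are the ones from the post. DRY_RUN=1 prints commands.

DRY_RUN=${DRY_RUN:-1}

# run CMD...: execute, or just print when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# link_up IFACE: succeeds when the kernel reports carrier on IFACE.
# The carrier file is unreadable when the interface is down or absent.
link_up() {
    [ "$(cat "/sys/class/net/$1/carrier" 2>/dev/null)" = 1 ]
}

# wan_down MARK TABLE SNAT_IP
#  1. Remove the fwmark rule so packets marked for the dead WAN fall back
#     to the main table instead of a table whose default route is gone.
#  2. Delete conntrack entries that were SNATed to the dead WAN's address.
#     The NAT mapping is fixed on a connection's first packet and replayed
#     from conntrack afterwards, so without this step rerouted flows leave
#     the other WAN with the old source address (the symptom in the post).
wan_down() {
    mark=$1
    table=$2
    snat=$3
    run ip rule del fwmark "$mark" table "$table"
    run conntrack -D --src-nat "$snat"
}

# wan_up IFACE MARK TABLE GATEWAY: reinstall the default route and rule.
wan_up() {
    iface=$1
    mark=$2
    table=$3
    gw=$4
    run ip route replace default via "$gw" dev "$iface" table "$table"
    run ip rule add fwmark "$mark" table "$table"
}

# monitor_once IFACE MARK TABLE SNAT_IP GATEWAY STATEFILE
# Compare the current carrier state with the last recorded one and act only
# on a transition; intended to be called periodically (cron or a loop).
monitor_once() {
    iface=$1
    mark=$2
    table=$3
    snat=$4
    gw=$5
    statefile=$6
    prev=$(cat "$statefile" 2>/dev/null)
    [ -n "$prev" ] || prev=up
    if link_up "$iface"; then now=up; else now=down; fi
    if [ "$now" = "$prev" ]; then
        return 0
    fi
    echo "$now" > "$statefile"
    if [ "$now" = down ]; then
        wan_down "$mark" "$table" "$snat"
    else
        wan_up "$iface" "$mark" "$table" "$gw"
    fi
}

# Example invocation for WAN1 from the post (prints commands under DRY_RUN=1):
#   monitor_once eth0 1 101 111.111.111.2 111.111.111.1 /var/run/wan1.state
```

The two MARK rules using `-m statistic --mode nth` are left as they are here; once a WAN is down they still hand half of the NEW connections the mark of the dead link, so a complete failover also replaces them with a single rule marking everything for the surviving WAN, and the SNAT mapping for those new flows then follows the interface they actually leave on.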
