Re: Load Balance and SNAT problem.

Linux Advanced Routing and Traffic Control

On 06/24/07 22:07, John Chang wrote:
> # copy a previously saved connection mark back onto each incoming packet
> iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
> # alternate the mark on packets in state NEW: the nth counter starts at 0 or 1,
> # so one rule hits the odd packets (mark 1) and the other the even ones (mark 2)
> iptables -t mangle -A PREROUTING -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -j MARK --set-mark 1
> iptables -t mangle -A PREROUTING -m state --state NEW -m statistic --mode nth --every 2 --packet 1 -j MARK --set-mark 2
> # store the packet mark on the conntrack entry so later packets can inherit it
> iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark

I don't think these rules are going to do what you anticipate them to do. These rules will alternate which route is used based on the sequential entry of packets into the router. Consider any transaction that takes more than one packet: the connection will be sent out both routes, each with a different source IP address, so the two packets are no longer associated with each other, which breaks your connection.

> 2. I capture packets on WAN1 and WAN2, and it works fine. The ICMP request/response comes out on WAN1 and WAN2 alternately.

(See the above comment.)

> 3. I unplug WAN1. Only the packets on WAN1 should be lost, but WAN2 should still work, right? I should see "ping Time Out" and "ping OK" on PC1 alternately.

*IF* the rules do work, yes this should be what you see.

> 4. But both connections break. It is always "ping Time Out" on PC1.

*nod*

> 5. After capturing the packets on WAN1 and WAN2, I saw a weird behavior.
> The source IP of the packets on WAN2 is 111.111.111.2, but it should be 222.222.222.2.
> That is why WAN2 breaks.

I don't know what to say here, other than something is not working right.

> Could you give me a suggestion?
> Thanks.

Do not use this method to load balance. Look into Equal Cost Multi Path (a.k.a. ECMP) routing and specifying multiple default gateways on one route command. The kernel should try to load balance across the multiple default gateways for you while maintaining connections.



Grant. . . .
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
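Grant's ECMP suggestion in working form, as an added example that is not code from the thread: one multipath default route naming both gateways, plus a SNAT rule per egress interface so the source address always matches the link the packet actually leaves on (the mismatch John saw on WAN2). The WAN addresses are the thread's; the interface names, gateway addresses and LAN range are assumptions. On kernels from 4.4 on the multipath route picks the next hop by a per-flow hash, so a connection stays on one path.

```shell
#!/bin/sh
# Multi-WAN via ECMP default route + per-interface SNAT (added example).
# Assumed values: eth1/eth2, the .1 gateways and the LAN range are made up;
# 111.111.111.2 / 222.222.222.2 are the WAN addresses from the thread.
WAN1_IF="eth1"; WAN1_GW="111.111.111.1"; WAN1_IP="111.111.111.2"
WAN2_IF="eth2"; WAN2_GW="222.222.222.1"; WAN2_IP="222.222.222.2"
LAN_NET="192.168.1.0/24"

# run: execute the command, or just print it when DRY_RUN=1 so the
# resulting configuration can be reviewed on a host without root.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# One default route with two next hops; the kernel balances across them.
ecmp_default_route() {
    run ip route replace default scope global \
        nexthop via "$WAN1_GW" dev "$WAN1_IF" weight 1 \
        nexthop via "$WAN2_GW" dev "$WAN2_IF" weight 1
}

# SNAT keyed on the egress interface chosen by the route lookup, so a packet
# leaving WAN2 can never carry WAN1's address.
snat_rules() {
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN1_IF" \
        -j SNAT --to-source "$WAN1_IP"
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN2_IF" \
        -j SNAT --to-source "$WAN2_IP"
}

# "show" prints the commands; "apply" (as root on the router) runs them.
case "${1:-}" in
    show)  DRY_RUN=1; ecmp_default_route; snat_rules ;;
    apply) ecmp_default_route && snat_rules ;;
esac
```

The multipath route only balances connections the LAN initiates; replies to connections arriving on WAN2 still need a source-based policy rule (an ip rule for 222.222.222.2 pointing at a table whose default goes via WAN2) so they leave on the link they came in on.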
