> Hi all,
>
> I am running an FC6 box with two internet links with load balancing.
> Everything is working fine except the MSN connection, which fails and
> reconnects every time, and SSL connections. I would like to know if with
> the nona howto I could fix that.
>
> I have tried with no success to redirect those connections to only
> one link, but it looks like it does not work. Here is my configuration:
>
> #!/bin/bash
> #
> # Script based on http://lartc.org/howto/lartc.rpdb.multiple-links.html
> #
>
> IF0=eth1
>
> function interface_interna() {
>     VALOR_IP=0
>     while [ $VALOR_IP -lt 254 ] ; do
>         if [ $VALOR_IP -ne 33 ] ; then
>             P0_NET=192.168.${VALOR_IP}.0
>             IP0=192.168.${VALOR_IP}.1
>             ip route add $P0_NET dev $IF0 src $IP0 table T1
>             ip route add $P0_NET dev $IF0 src $IP0 table T2
>         fi
>         VALOR_IP=$(expr $VALOR_IP + 1)
>     done
>     ip route add 192.168.33.0/24 via 10.1.2.1 dev eth1 src 10.1.2.2
>     ip route add 192.168.33.0/24 via 10.1.2.1 dev eth1 src 10.1.2.2 table T1
>     ip route add 192.168.33.0/24 via 10.1.2.1 dev eth1 src 10.1.2.2 table T2
> }
>
> IP1=xxx.xxx.xxx.18
> IF1=eth0
> P1_NET=xxx.xxx.xxx.16/30
> P1=xxx.xxx.xxx.17
>
> IP2=192.168.254.250
> IF2=eth2
> P2_NET=192.168.254.248/29
> P2=192.168.254.254
>
> ip route add $P1_NET dev $IF1 src $IP1 table T1
> ip route add default via $P1 table T1
> ip route add $P2_NET dev $IF2 src $IP2 table T2
> ip route add default via $P2 table T2
>
> ip route add $P1_NET dev $IF1 src $IP1
> ip route add $P2_NET dev $IF2 src $IP2
>
> ip rule add from $IP1 table T1
> ip rule add from $IP2 table T2
>
> ip route add $P0_NET dev $IF0 table T1
> ip route add $P1_NET dev $IF1 table T1
> ip route add $P2_NET dev $IF2 table T1
> ip route add 127.0.0.0/8 dev lo table T1
>
> ip route add $P0_NET dev $IF0 table T2
> ip route add $P1_NET dev $IF1 table T2
> ip route add $P2_NET dev $IF2 table T2
> ip route add 127.0.0.0/8 dev lo table T2
>
> interface_interna
>
> ip route add default scope global nexthop via $P1 dev $IF1 weight 1 \
>     nexthop via $P2 dev $IF2 weight 1
>
> # BACKUP ROUTES
>
> ip route add default via $P2 dev $IF2 metric 1 table T1
> ip route add default via $P1 dev $IF1 metric 1 table T2
>
> # SERVICE ROUTES
>
> ip rule add fwmark 2 table 21 prio 20
> ip rule add fwmark 3 table 22 prio 20
>
> ip route add default via $P1 dev $IF1 table 21
> ip route add default via $P2 dev $IF2 table 22
>
> ip route flush cache
>
> Here are the iptables mangle rules:
>
> ############# MSN Services #####################
> iptables -t mangle -A PREROUTING -i eth1 -p tcp -m layer7 --l7proto msnmessenger -j MARK --set-mark 2
> iptables -t mangle -A PREROUTING -i eth1 -p udp -m layer7 --l7proto msnmessenger -j MARK --set-mark 2
> ############### SSL Services ###########
> iptables -t mangle -A PREROUTING -i eth1 -p tcp -m layer7 --l7proto ssl -j MARK --set-mark 2

My experience with the layer7 module has been sketchy. Have you checked to
make sure that the layer7 module is catching msnmessenger traffic? It would
be a good idea to try

#iptables -A PREROUTING -i eth1 -p tcp -m layer7 --l7proto msnmessenger -j LOG \
    --log-prefix 'MSN Messenger Packet: '

and consult /var/log/messages and make sure that layer7 is seeing it. If
it's not, the packets for MSN traffic will never get marked.

A much better solution would be to mark based on destination port, and let
connection tracking take care of the rest. For example:

#DNS Traffic
#iptables -A FORWARD -i eth1 -p tcp --dport 53 -j MARK --set-mark 2
#iptables -A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
#iptables -A FORWARD -p udp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

Hope this helps!

> I added the rules for DNS and FTP too.
>
> But it does not seem to work.
>
> Any help will be appreciated.
>
> Saulo Silva

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
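
The port-based marking suggested in the reply, as an added example that is not part of the thread: the rules sit in the mangle table's PREROUTING chain so the mark is set before the routing decision, and CONNMARK keeps every packet of a flow on the same mark. It assumes the poster's `ip rule add fwmark 2 table 21`, the LAN on eth1, and TCP ports 1863 (MSN Messenger) and 443 (SSL); the function names are illustrative.

```shell
#!/bin/bash
# Added example, not from the thread. Assumptions: LAN on eth1, and the
# poster's "ip rule add fwmark 2 table 21" already sends mark 2 out link 1.
# Ports are assumptions: 1863/tcp (MSN Messenger), 443/tcp (SSL/HTTPS).

LAN_IF=eth1
FWMARK=2
PINNED_TCP_PORTS="1863 443"

# Print the rules one per line so they can be reviewed before being applied.
emit_rules() {
    ipt="iptables -t mangle"
    # Packets of a known flow: copy the mark stored on the conntrack
    # entry back onto the packet.
    echo "$ipt -A PREROUTING -i $LAN_IF -j CONNMARK --restore-mark"
    for port in $PINNED_TCP_PORTS; do
        # Still unmarked and headed for a pinned port. A port match already
        # works on the SYN, which carries no payload for layer7 to inspect.
        echo "$ipt -A PREROUTING -i $LAN_IF -p tcp --dport $port -m mark --mark 0 -j MARK --set-mark $FWMARK"
    done
    # Store any mark set above on the conntrack entry for later packets.
    echo "$ipt -A PREROUTING -i $LAN_IF -m mark ! --mark 0 -j CONNMARK --save-mark"
}

# Run each printed rule (needs root); stop at the first failure.
apply_rules() {
    emit_rules | while read -r rule; do
        $rule || exit 1
    done
}

case "${1:-}" in
    print) emit_rules ;;
    apply) apply_rules ;;
esac
```

Run it with `print` to review the rules and with `apply` as root to install them; `iptables -t mangle -L PREROUTING -v -n` then shows per-rule packet counters, which tells you whether the port matches are being hit.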