Found a note in the patch: /* Send the packet. This will also free skb + * Do not go through the POST_ROUTING hook because + * skb->dst is not set and because it will probably + * get confused by the destination IP address. + */ Maybe try the ROUTE command in FORWARD instead. Hey, why not even try PREROUTING. -----Original Message----- From: Javier Govea [mailto:jgovea@xxxxxxxx] Sent: Tuesday, July 29, 2003 8:39 AM To: George Vieira; Javier Govea Cc: netfilter@xxxxxxxxxxxxxxxxxxx Subject: RE: Round Robin Load Balancing Hi guys, Well, i tried with only the SYN packets (my rules are below) and still nothing. My hosts cannot access the net. Any more ideas??? Here are are my rules (if they are wrong, please correct me): iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source <ip-of-ppp0> . iptables -t mangle -A POSTROUTING -m nth --every 4 --packet 0 -p tcp --syn \ -j ROUTE --oif ppp0 . Thanx... Xavier On Jul 29, "George Vieira" <georgev@xxxxxxxxxxxxxxxxxxxxxx> wrote: > > probably because you should be doing that on the SYN packet ONLY.. not on any packet because it'll send 1 connection across multiple interfaces... > > Thanks, > ____________________________________________ > George Vieira > Systems Manager > georgev@xxxxxxxxxxxxxxxxxxxxxx > > Citadel Computer Systems Pty Ltd > <a href='http://www.citadelcomputer.com.au'>http://www.citadelcomputer.com. au</a> > > > -----Original Message----- > From: Javier Govea [mailto:jgovea@xxxxxxxx] > Sent: Tuesday, July 29, 2003 7:15 AM > To: Chris Wilson; Javier Govea > Cc: Daniel Chemko; George Vieira; netfilter@xxxxxxxxxxxxxxxxxxx; Ramin > Dousti; netfilter@xxxxxxxxxxxxxxxxxxx > Subject: Re: Round Robin Load Balancing > > > Hi guys, > > Thanx for all your suggestions, but i have bad news. The rules you guys are suggesting > make a lot of sense to me but they don't work. My hosts still cannot surf the net. > > This rule: > > iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source <ip-of-ppp0> > > is another form for the masquerade rule: > > iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE > > Using either of these two rules my hosts can access internet, but i still have the > problem of the load balancing. Some ppp links are used more than others in situations > such as loading the same web page in four different browsers. > > As soon as i add the "nth" rules to the mangle table my browsers stop working, they just > can contact the web servers and eventually they time out. I'm not sure if by adding any > rule to my mangle table the browsers stop, but at least they stop when i add your > suggestions to the mangle table. > > Any other ideas, suggestions, tips?? all are very welcome... > Thanx to all, i really appreacite all your time and interest.... > Xavier > > > > > > Try something like this: > > > > iptables -t mangle -A POSTROUTING -m nth --every 4 --packet 0 \ > > -j ROUTE --oif ppp0 > > iptables -t mangle -A POSTROUTING -m nth --every 4 --packet 1 \ > > -j ROUTE --oif ppp1 > > ... > > > > iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source <ip-of-ppp0> > > iptables -t nat -A POSTROUTING -o ppp1 -j SNAT --to-source <ip-of-ppp1> > > ... > > > > Cheers, Chris. > > -- > > ___ __ _ > > / __// / ,__(_)_ | Chris Wilson -- UNIX Firewall Lead Developer | > > / (_ / ,\/ _/ /_ \ | NetServers.co.uk <a > href='<a href='http://www.netservers.co.uk'><a href='http://www.netservers.co.uk</a>'>http://www.netservers.co.uk </a></a>'>http://www.netservers.co.uk'><a href='http://www.netservers.co.uk</a>'>http://www.netservers.co.uk </a></a></a> | > > \ _//_/_/_//_/___/ | 21 Signet Court, Cambridge, UK. 01223 576516 | > > > > > > > >
