Iptables and uplink bonding

Hello,

Kernel 2.4.26
Iptables 1.2.11
Nth patch
Route patch

I am trying to configure a machine that will allow per packet load
balancing to effectively double the throughput of an FTP connection.

I have managed to get FTP connectivity to the destination server from
the load balancing machine but gkrellm only shows 15Kbs maximum
throughput.

I cannot connect from the client machine even though I can ping the
destination server.

Test environment

2 RHL FC1 Servers with CBQ on outgoing interface to limit to 256Kbs to
simulate ADSL modem/routers (G1 and G2)

1 XP Client machine (C1)

1 Loadbalance server (LB)

1 Destination FTP RHL FC1 - FTP

Addressing

C1 10.15.1.5/24 gw 10.15.1.1
G1 Internal: 192.168.253.2/30 External: 192.168.2.220/24 - No NAT
G2 Internal: 192.168.252.2/30 External: 192.168.2.221/24 - No NAT

LB Internal 10.15.1.1/24
   Ext1: 192.168.253.1/30
   Ext2: 192.168.252.2/30

FTP: 192.168.2.2/24

I have attempted to SNAT all the packets leaving eth1 and eth2 to
192.168.2.220

Current IPtables configuration

Table: mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
ROUTE      all  --  anywhere            !10.15.1.0/24        every 2th packet #0 ROUTE gw:192.168.253.2 
ROUTE      all  --  anywhere            !10.15.1.0/24        every 2th packet #1 ROUTE gw:192.168.252.2 

Table: nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       all  --  10.0.0.0/8           anywhere            to:192.168.2.220 
SNAT       all  --  10.0.0.0/8           anywhere            to:192.168.2.220 
SNAT       all  --  192.168.253.0/30     anywhere            to:192.168.2.220 
SNAT       all  --  192.168.253.0/30     anywhere            to:192.168.2.220 
SNAT       all  --  192.168.252.0/30     anywhere            to:192.168.2.220 
SNAT       all  --  192.168.252.0/30     anywhere            to:192.168.2.220 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Table: filter
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             10.15.1.0           tcp dpt:ssh state NEW 
ACCEPT     tcp  --  anywhere             192.168.253.1       tcp dpt:ssh state NEW 
ACCEPT     tcp  --  anywhere             192.168.252.1       tcp dpt:ssh state NEW 
ACCEPT     all  --  10.0.0.0/8           anywhere            state NEW 
ACCEPT     all  --  192.168.253.0/30     anywhere            state NEW 
ACCEPT     all  --  192.168.252.0/30     anywhere            state NEW 
RULE_2     icmp --  anywhere             anywhere            state NEW 
RULE_3     all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     all  --  10.0.0.0/8           anywhere            state NEW 
ACCEPT     all  --  192.168.253.0/30     anywhere            state NEW 
ACCEPT     all  --  192.168.252.0/30     anywhere            state NEW 
RULE_2     icmp --  anywhere             anywhere            state NEW 
RULE_3     all  --  anywhere             anywhere            

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             10.15.1.0           tcp dpt:ssh state NEW 
ACCEPT     tcp  --  anywhere             192.168.253.1       tcp dpt:ssh state NEW 
ACCEPT     tcp  --  anywhere             192.168.252.1       tcp dpt:ssh state NEW 
ACCEPT     all  --  10.0.0.0/8           anywhere            state NEW 
ACCEPT     all  --  192.168.253.0/30     anywhere            state NEW 
ACCEPT     all  --  192.168.252.0/30     anywhere            state NEW 
RULE_2     icmp --  anywhere             anywhere            state NEW 
RULE_3     all  --  anywhere             anywhere            

Chain RULE_2 (3 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere            LOG level info prefix `RULE 2 -- ACCEPT ' 
ACCEPT     all  --  anywhere             anywhere            

Chain RULE_3 (3 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere            LOG level info prefix `RULE 3 -- DENY ' 
ACCEPT     all  --  anywhere             anywhere

Current output of ip route

192.168.252.0/30 dev eth2  scope link 
192.168.253.0/30 dev eth1  scope link 
10.15.1.0/24 dev eth0  scope link 
169.254.0.0/16 dev eth2  scope link 
127.0.0.0/8 dev lo  scope link 
default 
	nexthop via 192.168.253.2  dev eth1 weight 1
	nexthop via 192.168.252.2  dev eth2 weight 1

I have tried using MARK to mark the packets with the nth subsystem and
have created the necessary ip routing tables, but I am unable to get any
joy.

Therefore

1. Has anyone done this?
2. Is this the right approach?
3. Has anyone managed to get the MARK scenario working with nth? If so,
could you point me to an example?

I have Googled for hours; even though many people have discussed this, I
have yet to see a working example.

When the configuration is finalized I wish to extend to potentially 4
ADSL connections so that we can stream live multimedia to our server on
the internet.

TIA

Regards

/Steve
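Added example, not code from Steve's post or from the netfilter project: a shell script showing the MARK-based version of the setup asked about in question 3, written for the two-uplink LB host described above. Two facts shape it. First, conntrack fixes the SNAT source address on the first packet of a connection, so spraying the packets of one NAT'd FTP flow over two uplinks sends some of them out a link whose address they do not carry; the script therefore balances per connection (nth evaluated on NEW packets only) and uses CONNMARK (patch-o-matic on 2.4, built in from 2.6) to keep later packets of that connection on the same uplink. Second, fwmark policy routing only works if the mark exists before the routing decision, so the marking goes in mangle PREROUTING rather than POSTROUTING as in the ROUTE-based ruleset above. Assumptions: the LB's eth2 address is 192.168.252.1 (the address the post's filter rules use, not the 192.168.252.2 listed under Addressing); marks 1/2 and tables 101/102 are arbitrary; G1 and G2 route replies for their own /30 back to the LB. Because MARK does not end rule traversal, the script sets a default mark and lets one plain `--every 2` rule override it for every second new connection instead of using one `--packet` rule per uplink.

```sh
#!/bin/sh
# Added example, not code from the original post. Per-connection uplink
# balancing on the LB host: nth + MARK + CONNMARK in mangle PREROUTING,
# fwmark policy routing, and per-uplink SNAT.
# Assumptions: eth2 carries 192.168.252.1 (as in the post's filter rules);
# marks 1/2 and tables 101/102 are arbitrary; CONNMARK is available.

LAN_IF=eth0
LAN=10.15.1.0/24
UP1_IF=eth1; UP1_IP=192.168.253.1; UP1_GW=192.168.253.2; UP1_TABLE=101
UP2_IF=eth2; UP2_IP=192.168.252.1; UP2_GW=192.168.252.2; UP2_TABLE=102

# Emit the commands instead of running them, so they can be reviewed first.
build_lb_rules() {
    cat <<EOF
# one routing table per uplink, selected by fwmark
ip route replace default via $UP1_GW dev $UP1_IF table $UP1_TABLE
ip route replace default via $UP2_GW dev $UP2_IF table $UP2_TABLE
ip rule add fwmark 1 table $UP1_TABLE
ip rule add fwmark 2 table $UP2_TABLE
ip route flush cache
# marking must happen before the routing decision: mangle PREROUTING,
# not POSTROUTING
iptables -t mangle -N LB_MARK
# packets of an already-balanced connection get their saved mark back
iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --restore-mark
# only the first packet of a new outbound connection is balanced
iptables -t mangle -A PREROUTING -i $LAN_IF -s $LAN ! -d $LAN -m mark --mark 0 -m state --state NEW -j LB_MARK
# default to uplink 2, then send every second new connection to uplink 1
# (MARK does not stop traversal, so one plain --every rule is used rather
# than one --packet rule per uplink)
iptables -t mangle -A LB_MARK -j MARK --set-mark 2
iptables -t mangle -A LB_MARK -m nth --counter 1 --every 2 -j MARK --set-mark 1
iptables -t mangle -A LB_MARK -j CONNMARK --save-mark
# SNAT to the address of the uplink the packet actually leaves on, so the
# reply comes back on the same link; SNATing both links to one gateway's
# address steers every reply to that one gateway
iptables -t nat -A POSTROUTING -o $UP1_IF -s $LAN -j SNAT --to-source $UP1_IP
iptables -t nat -A POSTROUTING -o $UP2_IF -s $LAN -j SNAT --to-source $UP2_IP
EOF
}

# Sanity check on the generated ruleset: number of command lines (comments
# excluded) matching a pattern.
count_lines_matching() {
    build_lb_rules | grep -v '^#' | grep -c -- "$1"
}

# Execute the generated commands, stopping at the first failure.
apply_lb_rules() {
    build_lb_rules | grep -v '^#' | sh -e
}

case "$1" in
    --apply) apply_lb_rules ;;
    *)       build_lb_rules ;;
esac
```

Run without arguments to print the ruleset for review, with `--apply` to execute it. The script deliberately leaves the filter table alone; note, from the listing above, that RULE_3 logs with the prefix `DENY` but its final target is ACCEPT, and the unconditional `ACCEPT all` rules in INPUT and OUTPUT mean the DROP policies on those chains are never reached, so the filter side needs its own pass before this host is exposed to the internet.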



