Hi,

With 2.4 kernels I could multipath (route based) over two external connections with NAT using a script as shown below.

              |---------|
              |         |------- (eth1) NAT
              |         |
LAN (eth0) ---|LINUX BOX|
              |         |------- (eth2) NAT
              |---------|

----------------- START OF SCRIPT ----------------
# Flushing IP route table cache
ip route flush cache

# Establishing routing tables to providers
ip route add $PROVIDERA_NET dev $EXTA_IF src $GATEWAYEXTA_IP table T1
ip route add default via $PROVIDERGWA_IP table T1
ip route add $PROVIDERB_NET dev $EXTB_IF src $GATEWAYEXTB_IP table T2
ip route add default via $PROVIDERGWB_IP table T2

# Ensure packets return via the correct interface
ip route add $PROVIDERA_NET dev $EXTA_IF src $GATEWAYEXTA_IP
ip route add $PROVIDERB_NET dev $EXTB_IF src $GATEWAYEXTB_IP

# Set routing tables for IP
ip rule add from $GATEWAYEXTA_IP table T1
ip rule add from $GATEWAYEXTB_IP table T2

# Load Balance traffic - route based
ip route add default scope global \
    nexthop via $PROVIDERGWA_IP dev $EXTA_IF weight 1 \
    nexthop via $PROVIDERGWB_IP dev $EXTB_IF weight 1
----------------- END OF SCRIPT ----------------

My problem is that with 2.6 kernels it seems to just drop packets. I get kernel messages "Route sent us somewhere else". I located the offending netfilter code:

    if (rt->u.dst.dev != out) {
            if (net_ratelimit())
                    printk("MASQUERADE:"
                           " Route sent us somewhere else.\n");
            ip_rt_put(rt);
            return NF_DROP;

It seems that the netfilter code was changed because it was possible for packets to go out the wrong interface due to the routing relying on the route cache. I found some articles discussing the issue.

http://www.ussg.iu.edu/hypermail/linux/net/0401.1/0028.html

However, what is the end result? How can I achieve multipath routing over NAT connections as was possible in 2.4 kernels?

Mirkin...