Re: Checking line status

On Wed, 2009-09-02 at 15:02 +0100, John Lister wrote:
> >You need to ensure that your ping packets come from the right IP and get
> >routed to the right interface. Useless comment maybe, but without
> >you posting your details here it is difficult to say more specific
> >things ;)
> 
> One more thing: I had this (simplified) configuration, but none of the rules 
> seem to be triggered. I thought local packets went through this chain:
>
> mangle(OUTPUT) -> nat (OUTPUT) -> OUTPUT -> routing decision -> mangle (POSTROUTING) -> nat (POSTROUTING)

Nope: The (initial) routing decision is taken first and then the chains
are traversed as follows.

http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html#section3

But apparently when you set fwmarks the kernel then reconsiders
its routing decision later on. Don't ask me how that works; maybe
some of the developers can answer that.

> ip route add 87.194.A.B/22 dev eth1 table 111
> ip route add 192.168.2.0/24 dev eth0 table 111
> ip route add default via 87.194.a.b dev eth1 table 111
> 
> ip route add 94.30.X.Y/29 dev eth4 table 222
> ip route add 192.168.2.0/24 dev eth0 table 222
> ip route add default via 94.30.x.y dev eth4 table 222
> 
> ip rule add fwmark 111 table 111
> ip rule add fwmark 222 table 222
> 
> iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
> iptables -t mangle -A OUTPUT -m mark --mark 0 -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -j MARK --set-mark 111
> iptables -t mangle -A OUTPUT -m mark --mark 0 -m state --state 
>     -j MARK --set-mark 111
> iptables -t mangle -A OUTPUT -j CONNMARK --save-mark

Google dragged up this:

http://rumytaulu.wordpress.com/2009/05/23/linux-loadbalancing-with-two-adsl-modems/


> iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 87.194.a.b
> iptables -t nat -A POSTROUTING -o eth4 -j SNAT --to-source 94.30.x.y
> 
> 
> I would hope that the first set of iptables rules mark the packets before 
> the routing rules forward them on their way (via a bit of SNATting), however 
> it looks like the mangle OUTPUT table is skipped and no marks are added...
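
One way to test the observation above that the mangle OUTPUT rules are never hit, added here as an example and not part of the original mail: read the per-rule and per-chain packet counters that `iptables-save -c` prints, and tell a chain that saw no packets apart from a chain that was traversed by packets its rules did not match. The function names and the sample counters are constructed for illustration.

```shell
#!/bin/sh
# Added example. Input: text in `iptables-save -c` format on stdin.

# chain_report TABLE CHAIN: print "policy <pkts>" then "<pkts> <rule>" per rule.
chain_report() {
    awk -v table="$1" -v chain="$2" '
        /^\*/ { cur = substr($0, 2); next }        # "*mangle" opens a table
        cur != table { next }
        $1 == (":" chain) {                        # ":OUTPUT ACCEPT [pkts:bytes]"
            split(substr($3, 2), c, ":"); print "policy", c[1]; next
        }
        /^\[/ && $2 == "-A" && $3 == chain {       # "[pkts:bytes] -A OUTPUT ..."
            split(substr($1, 2), c, ":")
            sub(/^\[[0-9]+:[0-9]+\] /, ""); print c[1], $0
        }'
}

# unmatched_rules TABLE CHAIN: rules whose packet counter is still zero.
unmatched_rules() {
    chain_report "$1" "$2" |
        awk '$1 != "policy" && $1 == 0 { sub(/^0 /, ""); print }'
}

# verdict TABLE CHAIN: one word. The policy counter only counts packets that
# fell through every rule, which MARK and CONNMARK (non-terminating) allow.
verdict() {
    chain_report "$1" "$2" | awk '
        $1 == "policy" { policy = $2; next }
        { rules++; if ($1 > 0) hit++ }
        END {
            if (rules == 0)        print "no-rules"
            else if (hit == rules) print "all-rules-matched"
            else if (hit > 0)      print "some-rules-unmatched"
            else if (policy > 0)   print "traversed-but-no-match"
            else                   print "no-packets-seen"
        }'
}

# Constructed sample (not output from the poster's machine); rule text is
# approximate, since iptables-save renders options differently per version.
SAMPLE='*mangle
:OUTPUT ACCEPT [412:35120]
[412:35120] -A OUTPUT -j CONNMARK --restore-mark
[0:0] -A OUTPUT -m mark --mark 0x0 -m state --state NEW -j MARK --set-mark 0x6f
[412:35120] -A OUTPUT -j CONNMARK --save-mark
COMMIT'

printf '%s\n' "$SAMPLE" | verdict mangle OUTPUT          # some-rules-unmatched
printf '%s\n' "$SAMPLE" | unmatched_rules mangle OUTPUT
```

On a live system, pipe the output of `iptables-save -c` into the same functions instead of the sample.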

