Hi Lloyd,
After months of bashing at this, and now on revision 3 of the rig,
conntrack is the answer.
Also, conntrack allows you to connect to both WAN IPs, e.g. ssh to one and
smtp to the other.
Without conntrack, the route cache will only allow a connection to one WAN
port, so if you
ssh into one side, any connection to the other side will mysteriously
fail, and vice versa.
cheers
On 19/02/2012 2:19 PM, Lloyd Standish wrote:
On Sat, 18 Feb 2012 19:59:00 -0600, Brian Austin - Standard Universal
<brian@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
You need to restore connmarks coming in from the WAN so the system
can send them back out that way.
Hello Brian,
Thanks for the reply. The router I described does not use connmark.
It uses a command like this to set up round-robin balancing:
ip route add default scope global nexthop via 192.168.1.1 dev eth1 weight 1 nexthop via 192.168.2.1 dev eth2 weight 1 nexthop via 200.91.104.144 dev ppp0 weight 1
This is described here:
http://lartc.org/howto/lartc.rpdb.multiple-links.html
The article teaches that this balancing depends on the following rule
(one for each interface) to route traffic out the same interface it
was received on:
ip rule add from ${!wan} table $table priority $((${#ifaces[@]}*100))
(Of course, the priority value can be ignored.)
Since this system results in breaking connections, I am forced for the
time being to use connmarks for balancing, and restoration of marks,
as you mentioned.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
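The connmark scheme the thread converges on, written out as an added example that is not Brian's or Lloyd's own configuration. It is a script that emits the ip and iptables commands for a multi-WAN router: each new connection is assigned a mark (pinned to the WAN link it arrived on, or spread round-robin if it started on the LAN or locally), the mark is saved in conntrack, and restored onto every later packet in both PREROUTING and OUTPUT so that replies, including replies from local services such as ssh on one WAN and smtp on the other, leave by the link the request came in on. Interface names, gateways, the rule priorities and the use of mark number i as routing table number i are assumed values chosen for illustration; the iptables matches and targets used (conntrack, mark, statistic, MARK, CONNMARK, MASQUERADE) are the standard ones.

```shell
#!/bin/sh
# Added example (not from the thread): emit the ip/iptables commands for a
# connmark-based multi-WAN router. Interface names, gateways and table
# numbers are assumed values chosen for illustration.

# One "dev:gateway" pair per WAN link. Link i uses fwmark i and routing table i.
WANS="eth1:192.168.1.1 eth2:192.168.2.1"

# Number of links in a WANS string.
count_wans() { set -- $1; echo $#; }

# Per-link routing table selected by fwmark, plus loose rp_filter so a packet
# arriving on one WAN is not dropped because its reverse path is the other.
gen_routing() {
  i=1
  for w in $1; do
    dev=${w%%:*}; gw=${w#*:}
    echo "sysctl -w net.ipv4.conf.$dev.rp_filter=2"
    echo "ip route add default via $gw dev $dev table $i"
    echo "ip rule add fwmark $i table $i priority $((1000 + i))"
    i=$((i + 1))
  done
}

# Mark handling. Order matters: restore first, then pin, then balance, then
# save, so every packet of a connection carries the mark that chose its link.
gen_mangle() {
  n=$(count_wans "$1")
  # 1. Copy the connection's saved mark onto each packet. In OUTPUT this is
  #    what sends replies from local services back out the link the request
  #    came in on.
  echo "iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark"
  echo "iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark"
  # 2. A new connection arriving on WAN link i is pinned to link i.
  i=1
  for w in $1; do
    echo "iptables -t mangle -A PREROUTING -i ${w%%:*} -m conntrack --ctstate NEW -j MARK --set-mark $i"
    i=$((i + 1))
  done
  # 3. New connections that are still unmarked (from the LAN, or locally
  #    originated) are spread round-robin: rule k takes 1 in (n-k+1) of the
  #    packets reaching it, so each link gets 1/n overall; the last rule
  #    takes whatever is left.
  for chain in PREROUTING OUTPUT; do
    i=1
    while [ "$i" -le "$n" ]; do
      if [ "$i" -lt "$n" ]; then
        echo "iptables -t mangle -A $chain -m mark --mark 0 -m conntrack --ctstate NEW -m statistic --mode nth --every $((n - i + 1)) --packet 0 -j MARK --set-mark $i"
      else
        echo "iptables -t mangle -A $chain -m mark --mark 0 -m conntrack --ctstate NEW -j MARK --set-mark $i"
      fi
      i=$((i + 1))
    done
  done
  # 4. Persist the chosen mark in conntrack so step 1 finds it on later packets.
  echo "iptables -t mangle -A PREROUTING -m conntrack --ctstate NEW -j CONNMARK --save-mark"
  echo "iptables -t mangle -A OUTPUT -m conntrack --ctstate NEW -j CONNMARK --save-mark"
}

# Source NAT per link, so traffic leaves with that link's own address.
gen_nat() {
  for w in $1; do
    echo "iptables -t nat -A POSTROUTING -o ${w%%:*} -j MASQUERADE"
  done
}

gen_all() { gen_routing "$1"; gen_mangle "$1"; gen_nat "$1"; }

# sh multiwan.sh            prints the commands
# sh multiwan.sh | sudo sh  applies them (assumes empty mangle/nat tables)
gen_all "$WANS"
```

The script only prints; pipe it into a root shell to apply. Because the rules use -A, it assumes the mangle and nat tables start empty, and it does not touch the forward/filter policy. Strict reverse-path filtering (rp_filter=1) on the WAN interfaces would drop packets whose reply route is the other link, which is why the routing step switches those interfaces to loose mode. The LARTC "ip rule add from $wan_ip table $i" rules from the quoted message can be kept alongside these: they cover locally originated packets that are explicitly bound to a WAN address, while the OUTPUT restore-mark rule covers replies to connections that arrived via a WAN.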