Re: Change source or destination for packets arriving locally (for Direct Server Return)

Hi,

it is now working and my router receives the return packets, but they are not forwarded and dropped after the MANGLE PREROUTING chain.

What could be the issue, or where in the kernel could I check what's happening? Is there some flag to enable detailed tracing?

Based on tcpdump the packet is okay regarding checksums.
Based on this https://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg it breaks somewhere between mangle and nat PREROUTING.

Any suggestions or ideas are welcome!
Thanks

BR
Thomas

On 13 Sep 2017, at 11:34, Arturo Borrero Gonzalez wrote:

On 12 September 2017 at 08:00, Thomas Rosenstein
<thomas.rosenstein@xxxxxxxxxxxxxxxx> wrote:
Hello,

I'm trying to set up L3 load balancing (with direct server return), which requires me to send back or receive packets with a certain src/dst address, but for these packets the dst address is replaced on the load balancer, then
routed and are arriving on my Linux container.



I guess you could do this with nftables. You can perform this kind of
load balancing with nftables out of the box [0].
Note that nftables should be able to work with DSCP, so you can
combine both things (matching, load-balancing) with the same
technology.

Please, read the docs in our wiki and do some tests.  After that, it
would be great if you come back here and report your experience :-)
Perhaps we can generate a concrete example and put it in the wiki for
future references.

[0] https://wiki.nftables.org/wiki-nftables/index.php/Load_balancing