ip route load distribute



So, I've resigned myself to actually learning how "ip" works...  I have
two connections from 2 different ISPs.  I want incoming services to still
work on both interfaces for a while.  Call them networks 10.1.1.0 and
10.1.2.0.  The problem is that I've set things up so that the router binds
to all external IPs - eth0=10.1.1.2, eth0:1=10.1.1.3, etc.  The main gain
from that is that I only have to keep track of one IP per machine *on* the
machine, and the router is a central place for distributing things around.

Anyway, I've set up the default route to be the .2 network. 
Unfortunately, that means that incoming traffic for the old .1 network
comes in on .1 but tries to go out over the .2, and that just doesn't
work.

So, I try this:

iptables -A POSTROUTING -s 10.1.1.5 -j SNAT --to 10.1.2.5

but that doesn't work, apparently because the routing decision is made
before the packet gets to the POSTROUTING table.  I need to change the
next hop to 10.1.1.1 for packets that came in for hosts on 10.1.1.x (and
thus, who are replies with a source of 10.1.1.x).  So, I try this:

ip route add 10.1.1.1 dev eth0 src 10.1.1.2 table oldlink
ip route add 10.1.1.1 dev eth0 src 10.1.1.2
ip route add 10.1.1.0 via 10.1.1.2
ip rule add from 10.1.1.2 table oldlink

And, lo, it works.  Kinda.  Stuff coming in for 10.1.1.2 works fine, but
stuff that came in for 10.1.1.3 still tries to go back out the wrong
interface.  If I add another rule (ip rule add from 10.1.1.3 table
oldlink) and/or try to SNAT the .3 to .2, the client presumably rejects
the response because it's still waiting to hear from the machine it
*asked* to respond - .3 - and it doesn't care about this unsolicited
packet from .2.

Grr.  All I want to do is, for packets whose source is 10.1.2.x, set the
next hop to a different gateway than the default for everything else.  It
seems so simple...  This iproute2 thing is woefully under documented in
that area, if my searches are a good representation of what's out there.
:)  Do any of you know the critical piece that I'm missing here?

Oh, supposedly there's a "ROUTE" target available in a patch for iptables,
and it'd do the load balancing part of what I want - but it still wouldn't
do everything I need (AFAICT).

Thanks.
--Danny (who's been away for too long)
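Added example, not part of Danny's post: a small Python model of how the kernel's policy-routing lookup works (rules tried in priority order, each pointing at a table; the first table holding a route for the destination decides the next hop). It contrasts a rule that selects only the single source 10.1.1.2 with one that selects the whole 10.1.1.0/24 prefix, which is what a reply sourced from the 10.1.1.3 alias needs in order to leave via the 10.1.1.1 gateway. The ISP2 gateway 10.1.2.1 on eth1, the table contents and the remote client address 203.0.113.7 are assumptions constructed for the example; the post only names 10.1.1.1.

```python
import ipaddress

# Constructed model of the Linux policy-routing lookup ("ip rule" + per-table
# "ip route"). Assumed addressing: ISP1 gateway 10.1.1.1 on eth0, ISP2 gateway
# 10.1.2.1 on eth1 (assumption; the post names only 10.1.1.1).
REMOTE_CLIENT = "203.0.113.7"   # constructed address of an Internet client

# Each table is a list of (prefix, next hop). The oldlink table carries its own
# default route via the ISP1 gateway plus the connected route for the ISP1 LAN,
# so that local-LAN replies are not pushed through the gateway.
TABLES = {
    "main": [
        ("10.1.1.0/24", "dev eth0"),
        ("10.1.2.0/24", "dev eth1"),
        ("0.0.0.0/0", "via 10.1.2.1"),      # system default: ISP2 (assumed)
    ],
    "oldlink": [
        ("10.1.1.0/24", "dev eth0"),
        ("0.0.0.0/0", "via 10.1.1.1"),      # ISP1 gateway for ISP1-sourced traffic
    ],
}

# Rules as (priority, source selector or None, table name).
# A rule that matches only the single source 10.1.1.2 leaves replies sourced
# from the 10.1.1.3 alias to fall through to main, i.e. out via ISP2.
AUTHOR_RULES = [(1000, "10.1.1.2/32", "oldlink"), (32766, None, "main")]

# Selecting on the whole ISP1 prefix covers every alias address on that link.
FIXED_RULES = [(1000, "10.1.1.0/24", "oldlink"), (32766, None, "main")]


def lookup_table(table, dst):
    """Longest-prefix match inside one table; None when the table has no route."""
    best = None
    for prefix, nexthop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best[1] if best else None


def route(rules, src, dst, tables=TABLES):
    """Return (table name, next hop) chosen for a packet from src to dst."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    for _prio, selector, name in sorted(rules, key=lambda r: r[0]):
        if selector is not None and src not in ipaddress.ip_network(selector):
            continue
        nexthop = lookup_table(tables[name], dst)
        if nexthop is not None:        # no route in this table: fall through
            return name, nexthop
    return None, None                  # no rule/table produced a route


def fixed_ip_commands():
    """iproute2 commands equivalent to FIXED_RULES and TABLES['oldlink']."""
    return [
        "ip route add 10.1.1.0/24 dev eth0 src 10.1.1.2 table oldlink",
        "ip route add default via 10.1.1.1 dev eth0 table oldlink",
        "ip rule add from 10.1.1.0/24 table oldlink priority 1000",
    ]


if __name__ == "__main__":
    for rules, label in ((AUTHOR_RULES, "single-host rule"), (FIXED_RULES, "prefix rule")):
        for src in ("10.1.1.2", "10.1.1.3", "10.1.2.5"):
            print(label, src, "->", route(rules, src, REMOTE_CLIENT))
    print("\n".join(fixed_ip_commands()))
```

Two practical notes on the modelled configuration: a named table such as oldlink only works once it has an entry in /etc/iproute2/rt_tables (otherwise use its numeric id), and the selected table needs its own default route, because an empty or non-matching table just makes the lookup fall through to the next rule and hence to main.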
