[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ip route load distribute



(short refresher - machine bound to 10.1.1.2, 10.1.2.2, default route is
10.1.1.1 over 10.1.1.2 interface, 10.1.2.x traffic should be routed over
10.1.2.1)

This (script below) also doesn't do it (but it seems to get closer), and I
was so hoping it'd work...  Incoming connections to the machine bound to
all those addresses work fine.  The machine's bound to, say, 10.1.2.2,
10.1.2.3, and 10.1.2.4.  I can connect to .2 and .3 just fine, as they're
both the local machine.  .4 is set up like this:

iptables -t nat -A PREROUTING -d 10.1.1.4 -j www
iptables -A www -p tcp --dport http -j DNAT --to 192.168.0.4

So, what's happening is apparently that the incoming packet gets its
destination DNATed to the internal address, and the outgoing packet gets
its source SNATed back to the original source.  Since the SNAT happens
after the routing decision, though, the route is being chosen based on the
source address at that time - ie, the internal address - instead of what
the source address will *become* after the "reverse DNAT" stage.

Assuming that's true, what I need is a rule somewhere that will choose the
outgoing route based on whether or not the packet is related to an
incoming DNATed connection, and which incoming DNATed connection it came
in on.  Right?  Perhaps I can use iptables to mark related packets, or
something, and then use ip route to set the nexthop based on that mark... 
Can I make conditional decisions based on relation to a DNAT rule with
iptables?  Back to the docs...

I'll probably just alias the old IPs to internal machines and use regular
routing if I can't get this to work - but I'd really prefer to get a
centralized solution working. :)

--Danny, thinking out loud

#!/bin/sh
X_GW='10.1.2.1'
X_NET='10.1.2.0/26'
X_DEV='eth2'
X_IP_BASE='10.1.2.'
X_TABLE_BASE='xlink'

# create x routing rules
I=2 # first x IP on machine is 10.1.2.2
while [ $I -lt 63 ]; do # last IP is .62
        IP="$X_IP_BASE$I"
        TABLE="$X_TABLE_BASE$I"

        ip route add $X_GW dev $X_DEV src $IP table $TABLE
        ip route add default via $X_GW table $TABLE
        ip rule add from $IP table $TABLE

        I=$(($I + 1))
done



-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.