
Re: ip route load distribute



Danny Sauer said:
Replying to myself here, for the benefit of the archives. :)

[...]
> Just now, I tried using the conntrack and marking abilities of iptables,
> and I think it might be able to get me where I'm trying to go:
>
> iptables -t mangle -A PREROUTING -m conntrack --ctstate DNAT \
>   --ctorigdst 10.1.1.4 -j MARK --set-mark 0x04
> ip rule add fwmark 04 table xlink4

I'm a moron.  I found my problem.  I didn't have a complete routing table
on the local routing table, so packets were trying to go back out the same
interface they came in on (which was the default route for that adaptor).

Putting it all together, here's what it took to keep an ISP with crummy
service and exorbitant prices while I migrate to sprint:

# set up sprint-specific routing table
ip route add SPRINT_GW dev SPRINT_DEV src SPRINT_IP table sprint
ip route add SPRINT_NET dev SPRINT_DEV table sprint
ip route add INTERNAL_NET dev INTERNAL_DEV table sprint
ip route add EOS_NET dev EOS_DEV table sprint
ip route add default SPRINT_GW table sprint
# set up eos-specific routing table
ip route add EOS_GW dev EOS_DEV src EOS_IP table eos
ip route add SPRINT_NET dev SPRINT_DEV table eos
ip route add INTERNAL_NET dev INTERNAL_DEV table eos
ip route add EOS_NET dev EOS_DEV table eos
ip route add default EOS_GW table eos
# re-route outgoing traffic depending on source
iptables -t mangle -A PREROUTING -m conntrack --ctstate DNAT \
  --ctorigdst SPRINT_NET -j MARK --set-mark 0x05
iptables -t mangle -A PREROUTING -m conntrack --ctstate DNAT \
  --ctorigdst EOS_NET -j MARK --set-mark 0x04
ip rule add fwmark 5 lookup sprint
ip rule add fwmark 4 lookup eos

That lets me DNAT things coming in for any of the sprint IPs or the EOS
IPs, sending the traffic on into the internal network wherever it needs to
go, and responses go back out the right way.  The SPRINT_IP and EOS_IP are
just the first address in the assigned range, which are eth0's and eth2's
IPs (though it works just as well with any of the IPs aliased to the
respective adaptor).  The marks are just arbitrarily chosen numbers, but
note that --set-mark takes a hex value, while ip rule takes a decimal
value (argh).  Also note that only half of what's up there is really
required, assuming one of SPRINT_GW or EOS_GW is set up "normally" as the
default route for the machine.

Funny how reading the man pages actually provided those last couple of
puzzle pieces... :)  I don't remember when the iptables man page actually
developed useful information - last time I checked, it just pointed you to
the web docs.  That's been a while...

--Danny, glad to have *that* over with
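A consistency check for the mark/rule pairing described above, added here as example code (it is not Danny's or the list's): it parses `iptables-save` and `ip rule show` text, normalises the hex and decimal spellings of a mark value, and reports any mark that iptables sets without an `ip rule fwmark` selecting a table for it, or any rule whose mark nothing sets. The sample inputs are constructed and include one deliberately unmatched mark; a flow in that state falls through to the main table and leaves by the wrong interface, which is the symptom the post describes.

```python
"""Cross-check conntrack MARK rules against ip policy-routing rules.

Example code written for this post, not its author's.  Inputs are the text
formats of `iptables-save` and `ip rule show`; the samples are constructed.
"""
import re

# Constructed iptables-save excerpt: marks keyed on the DNAT original destination.
IPTABLES_SAVE = """\
*mangle
-A PREROUTING -m conntrack --ctstate DNAT --ctorigdst 192.0.2.0/29 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -m conntrack --ctstate DNAT --ctorigdst 198.51.100.0/29 -j MARK --set-mark 0x04
-A PREROUTING -m conntrack --ctstate DNAT --ctorigdst 203.0.113.8/32 -j MARK --set-mark 6
COMMIT
"""

# Constructed `ip rule show` output (modern iproute2 prints the fwmark in hex).
IP_RULE_SHOW = """\
0:\tfrom all lookup local
32764:\tfrom all fwmark 0x5 lookup sprint
32765:\tfrom all fwmark 0x4 lookup eos
32766:\tfrom all lookup main
32767:\tfrom all lookup default
"""

MARK_RE = re.compile(r"--ctorigdst (\S+) .*?-j MARK --set-x?mark (\S+)")
RULE_RE = re.compile(r"fwmark (\S+) lookup (\S+)")


def parse_mark(token: str) -> int:
    """Normalise '0x05', '0x5/0xffffffff' and '5' to one integer mark value."""
    value = token.split("/")[0]  # drop a mask such as /0xffffffff if present
    return int(value, 16) if value.lower().startswith("0x") else int(value, 10)


def marks_from_iptables(text: str) -> dict[int, str]:
    """Map each mark value to the original destination that sets it."""
    return {parse_mark(m): dst for dst, m in MARK_RE.findall(text)}


def tables_from_ip_rule(text: str) -> dict[int, str]:
    """Map each fwmark value to the routing table it selects."""
    return {parse_mark(m): tbl for m, tbl in RULE_RE.findall(text)}


def check_marks(iptables_text: str, ip_rule_text: str) -> list[str]:
    """Return one line per inconsistency; an empty list means marks and rules agree."""
    set_marks, routed = marks_from_iptables(iptables_text), tables_from_ip_rule(ip_rule_text)
    issues = [f"mark {m} set for {dst} but no ip rule selects a table for it"
              for m, dst in set_marks.items() if m not in routed]
    issues += [f"ip rule fwmark {m} -> {tbl} but no iptables rule sets that mark"
               for m, tbl in routed.items() if m not in set_marks]
    return issues


if __name__ == "__main__":
    print("\n".join(check_marks(IPTABLES_SAVE, IP_RULE_SHOW) or ["marks and rules agree"]))
```

Run it against `iptables-save -t mangle` and `ip rule show` captured from the box; the constructed sample reports the unmatched mark 6.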
