[EMAIL PROTECTED] wrote:

> Send LARTC mailing list submissions to
>         [EMAIL PROTECTED]
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://mailman.ds9a.nl/mailman/listinfo/lartc
> or, via email, send a message with subject or body 'help' to
>         [EMAIL PROTECTED]
>
> You can reach the person managing the list at
>         [EMAIL PROTECTED]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of LARTC digest..."
>
> Today's Topics:
>
>    1. Re: HTB or CBQ ? (Stef Coene)
>    2. Re: Iptables, SNAT/MASQ,  Multiple gateways (Don Cohen)
>    3. Re: RE:u32 filters and compression (Tobias Geiger)
>    4. ip route (Rimas)
>    5. Re: Rip problems (James Sneeringer)
>    6. Re: Iptables, SNAT/MASQ,  Multiple gateways (Michael T. Babcock)
>    7. Re: Iptables, SNAT/MASQ,  Multiple gateways (Jose Luis Domingo Lopez)
>    8. Two ISP and NAT (Rimas)
>    9. Re: Iptables, SNAT/MASQ,  Multiple gateways (Julian Anastasov)
>   10. Re: Iptables, SNAT/MASQ,  Multiple gateways (Simon Matthews)
>   11. Re: Iptables, SNAT/MASQ,  Multiple gateways (Simon Matthews)
>   12. RE: Iptables, SNAT/MASQ,  Multiple gateways (Greg Scott)
>
> --__--__--
>
> Message: 1
> From: Stef Coene <[EMAIL PROTECTED]>
> Organization: None
> To: "Michael T. Babcock" <[EMAIL PROTECTED]>
> Subject: Re: [LARTC] HTB or CBQ ?
> Date: Mon, 30 Sep 2002 17:37:03 +0200
> Cc: SERBAN Rares <[EMAIL PROTECTED]>,
>         [EMAIL PROTECTED], [EMAIL PROTECTED]
>
> On Monday 30 September 2002 17:26, Michael T. Babcock wrote:
> > Stef Coene wrote:
> > >And one of the most convincing arguments to me: htb is actively
> > > maintained. If there is a bug or performance problem, it will get fixed.
> >
> > And, being newer code that many of us have looked at, patches / fixes
> > will probably flow to the maintainer faster than CBQ ones.
> >
> > BTW, how many people are using the patched SFQ (ESFQ?) these days, and
> > how stable is it?
> I used it and it was stable.  I'm going to switch over to kernel 2.5.  Will
> the esfq patch apply?
>
> Stef
>
> --
>
> [EMAIL PROTECTED]
>  "Using Linux as bandwidth manager"
>      http://www.docum.org/
>      #lartc @ irc.oftc.net
>
> --__--__--
>
> Message: 2
> From: [EMAIL PROTECTED] (Don Cohen)
> Date: Mon, 30 Sep 2002 08:55:27 -0700
> To: Simon Matthews <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: [LARTC] Iptables, SNAT/MASQ,  Multiple gateways
>
> Simon Matthews writes:
>  > OK, this may be a reasonable approach, but how do I force it to initiate
>  > connections from the "fast" interface, yet allow it to fail over to the
>  > slow interface if the system removes the route to the fast gateway because
>  > it has detected that it is not responding?
>
> Off hand I don't know anything built in for this (I look forward to
> hearing an answer from someone who does), but I don't think this is
> really what you want anyway.  It's not as if your link is the only one
> that could fail!
> If ISP1's upstream link fails then you want to use ISP2 for all
> traffic other than that intended for ISP1 itself.  And of course,
> problems further upstream prevent you from reaching certain addresses
> but not others, and you don't really know which without a global view
> of the routing.
>
> I think the "right" solution involves monitoring the traffic.
> There's a wide range of things you could do, the simplest being
> simply detecting that the link is not responding.  You could also
> try to detect tcp retransmits, measure RTT, aggregate data to measure
> how well individual connections are working, further aggregate data to
> determine which addresses blocks are working well and which poorly, etc.
> Then use that data to decide which of your links to use for a given
> destination.
>
> I actually sent a proposal to this list that I think provides a good
> solution to the general problem: an extension to TCP (possibly even
> IP) that supports multiple addresses/ports.  This would even allow you
> to switch addresses in the middle of a connection.  I think what I
> described before applies more to the machine on the other side of your
> connection, which now would know both of your addresses.  Whenever it
> does a tcp retransmit it switches the address.  It therefore tends to
> stay on the one that works most reliably.  (Perhaps this algorithm
> could be improved to take speed into account too.)  This discussion
> points out that something similar should be done on your end: you
> should switch the output interface you use when you retransmit.
>
> Of course this is not yet implemented.  It's on my queue, but not
> close to the beginning.  I'd be glad if someone out there could beat
> me to it.
>
> --__--__--
>
> Message: 3
> Date: Mon, 30 Sep 2002 18:04:17 +0200
> From: Tobias Geiger <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [LARTC] RE:u32 filters and compression
>
> Hi,
>
> thanks for the thanks :)
> I looked at the whitepaper on www.peribit.com and it seems that they do
> much more than the standard (LZW) compression:
> they use a kind of proxy for cachable protocols, and their MSR ("Molecular
> Sequence Reduction", sounds great! :) algorithm to find repeating
> patterns even across multiple packets.
>
> Although I can't really believe that this doesn't affect latency, the
> technical approach sounds amazing.
>
> The great "disadvantage" is that you need such a box at both ends
> (obviously), unlike compressed pppd (at least I think Windows understands
> compressed pppd, or?) which is more platform independent. But I admit
> this is like comparing apples with pears...
>
> Allan Gee wrote:
>  > Thanks: To Stef and Tobias Geiger for giving me the answer. I used
>  > the prio to get the order right. Don't know why I didn't think of it
>  > myself. Compression: Another thing that might be useful to the list
>  > is the use of compression (Deflate etc.) to get better bandwidth
>  > across links. This requires a Linux router at both ends of the link.
>  > I got the idea from a product called Peribit see www.peribit.com (
>  > and mainly from Martin Devera who pointed out to me that Linux does
>  > compression already with ppp. ) I have now started to work on getting
>  > compression built into my traffic shaping/router products that are
>  > Linux based. Putting that in place of Cisco should be a much
>  > better/cheaper solution do you not think? One could even shape the
>  > port that the pppoe runs on. I have looked at Zebedee which also has
>  > a solution for "Windows" boxes. Anyway I've just started to do this
>  > and If anyone is interested I will let you know the outcome.
>  >
>  > Regards Allan Gee Equation 021 4181777 www.equation.co.za
>
> --__--__--
>
> Message: 4
> From: "Rimas" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Date: Mon, 30 Sep 2002 17:11:22 +0100
> Subject: [LARTC] ip route
>
> Hi folks,
>
> How do I permanently delete the default route and add a new one with ip route?
> I use RedHat 7.3.
>
> Thank you in advance
>
> Rimas
>
> --__--__--
>
> Message: 5
> Date: Mon, 30 Sep 2002 11:42:40 -0500
> From: James Sneeringer <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: [LARTC] Rip problems
>
> On Sat, Sep 28, 2002 at 01:46:37PM -0400, Joseph Watson wrote:
> | EXPORT_GATEWAY="no"
> | SILENT="no"
>
> This should cause the equivalent of "routed -s" to be run.  The "-s" tells
> routed to send routing updates.  Check with "ps ax".  You can get further
> debugging out of it with "-d" and "-t".
>
> |   When I start routed, the appropriate routes show up in the portmaster after
> | about 30 seconds, and all works well for about 2 1/2 minutes.  Then the
> | portmaster sets the Metric to 16 for the route to my subnet behind the
> | firewall, and routing quits working.
>
> PortMasters do this when they think they need to remove the route from the
> routing table.  They set the "O" flag (for obsolete, I guess) and set the
> metric to 16 (because 16 is the largest metric permitted by RIPv1).  The
> route will eventually disappear from the table unless another update is
> received.
>
> | If I restart routed, we will repeat the
> | process.  If I stop routed during the 2 1/2 mins, it will immediately set the
> | Met to 16.  This tells me that they are communicating because when I shut
> | routed down the metric is set to 16.  But why does this happen exactly at 2
> | 1/2 min??  I am quite confused?
>
> It sounds like routed isn't sending routing updates.  RIPv1 sends the whole
> routing table every 30 seconds to the broadcast address (which is why it
> takes about 30 seconds for the PortMaster to see the routes).  My guess is
> it's only sending out the initial announcement, and when the PM doesn't see
> subsequent announcements for a couple minutes, it drops the routes.
>
> If possible, consider using OSPF instead.  RIPv1 is quite obsolete and
> generally useless on subnetted networks like yours.  PortMasters have done
> OSPF since ComOS 3.5, and you can implement it on Linux with zebra or gated.
> For further PortMaster-specific help, consider subscribing to the
> [EMAIL PROTECTED] list.  See http://www.portmasters.com/
> for more info.
>
> -James
>
> --__--__--
>
> Message: 6
> Date: Mon, 30 Sep 2002 13:05:54 -0400
> From: "Michael T. Babcock" <[EMAIL PROTECTED]>
> Organization: FibreSpeed Ltd.
> To: Don Cohen <[EMAIL PROTECTED]>
> Cc: Simon Matthews <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> Subject: Re: [LARTC] Iptables, SNAT/MASQ,  Multiple gateways
>
> Don Cohen wrote:
>
> >I actually sent a proposal to this list that I think provides a good
> >solution to the general problem: an extension to TCP (possibly even
> >IP) that supports multiple addresses/ports.  This would even allow you
> >to switch addresses in the middle of a connection.  I think what I
> >
> SCTP actually supports this already; look it up -- it's quite a bit
> different from TCP but allows you to do all the same types of things,
> with more options.
>
> That said, a Zebra (routing software) plugin that would run iptables
> scripts would be all you'd need in many cases.
>
> --
> Michael T. Babcock
> C.T.O., FibreSpeed Ltd.
> http://www.fibrespeed.net/~mbabcock
>
> --__--__--
>
> Message: 7
> Date: Mon, 30 Sep 2002 20:11:58 +0200
> From: Jose Luis Domingo Lopez <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: [LARTC] Iptables, SNAT/MASQ,  Multiple gateways
>
> On Sunday, 29 September 2002, at 22:18:30 -0700,
> Don Cohen wrote:
>
> >  > ip route add default nexthop via $CONN1_IP dev $ETHX weight $X \
> >  >                      nexthop via $CONN2_IP dev $ETHX weight $Y
> >
> > Note that this only shapes outgoing traffic and also relies on your
> > ISPs to NOT do the ingress filtering that they're really supposed to do.
> >
> Just a note. The above routing doesn't prevent you from applying
> SNAT/MASQ to the outgoing traffic, at least not when you have an
> ethernet card for each connection (not the case) and you can know
> through which one the traffic will go out.
>
> So adding another ethernet card and a couple of "iptables" rules can
> avoid problems with ISPs filtering "alien" incoming traffic :)
>
> --
> Jose Luis Domingo Lopez
> Linux Registered User #189436     Debian Linux Woody (Linux 2.4.19-pre6aa1)
>
> --__--__--
>
> Message: 8
> From: "Rimas" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Date: Mon, 30 Sep 2002 19:28:36 +0100
> Subject: [LARTC] Two ISP and NAT
>
> Hi folks,
>
> I have 2 ISP Inet connections.
>
> Inet 1 (eth0) I have used for everything (SMTP server, MASQ for the
> local network).
> I got the 2nd Inet (eth1) and made some changes:
>
> They both have MASQ:
>     iptables -t nat -A POSTROUTING -o $EXTERNAL_INTERFACE_2 -j MASQUERADE (2 Inet)
>     iptables -t nat -A POSTROUTING -o $EXTERNAL_INTERFACE_1 -j MASQUERADE (1 Inet)
>
> I changed the default route to eth1 and put in an additional route:
> ip route rep default via ext_ip2 dev eth1
> ip route add 1.2.3.4 via ext_ip1 (eth0)
>
> And now I'm having a problem with my email server (Lotus Notes on
> Linux).
> It can send emails via SMTP but cannot use the encrypted Lotus connection,
> and cannot receive emails either.
>
>  iptables -t nat -A PREROUTING -i $EXTERNAL_INTERFACE_1 -p tcp -d $EXTERNALIP_1 --dport 25 \
>                                    -j DNAT --to-destination 1.2.3.196:25
>
> # Lotus Notes Encrypted connection (tcp 1352) port forward from eth0 to
> internal ip 10.105.105.196
>  iptables -t nat -A PREROUTING -i $EXTERNAL_INTERFACE_1 -p tcp -d $EXTERNALIP_1 --dport 1352 \
>                                    -j DNAT --to-destination 1.2.3.196:1352
>
> And how do I route with the ip route command so that the email server uses
> eth0 rather than the default route (eth1)?
>
> What more do I need to configure to get my email server working again?
>
> Thank you in advance
>
> Rimas
>
>
> --__--__--
>
> Message: 9
> Date: Mon, 30 Sep 2002 22:24:03 +0000 (GMT)
> From: Julian Anastasov <[EMAIL PROTECTED]>
> To: "Michael T. Babcock" <[EMAIL PROTECTED]>
> Cc: Don Cohen <[EMAIL PROTECTED]>,
>         Simon Matthews <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> Subject: Re: [LARTC] Iptables, SNAT/MASQ,  Multiple gateways
>
>         Hello,
>
> On Mon, 30 Sep 2002, Michael T. Babcock wrote:
>
> > Don Cohen wrote:
> >
> > >I actually sent a proposal to this list that I think provides a good
> > >solution to the general problem: an extension to TCP (possibly even
> > >IP) that supports multiple addresses/ports.  This would even allow you
> > >to switch addresses in the middle of a connection.  I think what I
>
>         Yes, we can implement it as a separate IP protocol :)
> Of course, at the beginning the idea may sound too stupid; we
> have to change that. Maybe there is already a solution for that?
> A "simple" tunnel without encryption that will support failover
> and balancing of the negotiated traffic, with the ability to negotiate
> multiple IPs for each endpoint. Of course, there should be some
> problems with the proper tunneling of this traffic at each end;
> see how difficult it is to route the IPSec traffic. Each endpoint will do
> failover detection of all negotiated links and will do balancing (if
> desired) over these links, based on a relative ratio. This tunnel
> should be transparent to the upper layers (TCP/UDP/ICMP/SCTP).
>
> > SCTP actually supports this already; look it up -- it's quite a bit
> > different from TCP but allows you to do all the same types of things,
> > with more options.
>
>         But this feature is only for SCTP. We want the traffic
> from one multihomed router to use multiple links when talking
> to another router, both understanding this "our new" IP tunneling
> protocol.
>
>         I see it in this way: when such a packet is received, we
> decapsulate it and place it on the expected interface. As a
> result, the upper layers will see the packet on the right
> input interface even if it is received on another input
> interface (for example, if it is the only one alive).
>
> Regards
>
> --
> Julian Anastasov <[EMAIL PROTECTED]>
>
> --__--__--
>
> Message: 10
> Date: Mon, 30 Sep 2002 12:24:58 -0700 (PDT)
> From: Simon Matthews <[EMAIL PROTECTED]>
> To: Don Cohen <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: [LARTC] Iptables, SNAT/MASQ,  Multiple gateways
>
> On Mon, 30 Sep 2002, Don Cohen wrote:
>
> > Simon Matthews writes:
> >  > OK, this may be a reasonable approach, but how do I force it to initiate
> >  > connections from the "fast" interface, yet allow it to fail over to the
> >  > slow interface if the system removes the route to the fast gateway because
> >  > it has detected that it is not responding?
> >
> > Off hand I don't know anything built in for this (I look forward to
> > hearing an answer from someone who does), but I don't think this is
> > really what you want anyway.  It's not as if your link is the only one
> > that could fail!
>
> Don, there are some kernel patches (already installed on my system) that
> support dead gateway detection and static routes. "Static" means that the
> routes are not forgotten when the system removes an interface because the
> gateway is not working.
>
> But the problem remains: how to handle this in iptables MASQ/SNAT
> commands? One can postulate that if the interface is removed because the
> gateway is dead, then the MASQ command will use the source related to the
> other gateway.
>
> However, the question now is: how to force the system to use the source
> address related to the "fast" gateway under normal operation while
> allowing a failover to the slow gateway?
>
> Simon
>
> --__--__--
>
> Message: 11
> Date: Mon, 30 Sep 2002 12:26:43 -0700 (PDT)
> From: Simon Matthews <[EMAIL PROTECTED]>
> To: "Michael T. Babcock" <[EMAIL PROTECTED]>
> Cc: Don Cohen <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> Subject: Re: [LARTC] Iptables, SNAT/MASQ,  Multiple gateways
>
> On Mon, 30 Sep 2002, Michael T. Babcock wrote:
>
> > Don Cohen wrote:
> >
> > That said, a Zebra (routing software) plugin that would run iptables
> > scripts would be all you'd need in many cases.
>
> The ISP that provides the "fast" connection won't provide any IGP routing
> information (RIP, OSPF, etc), so I don't think this is possible.
>
> --__--__--
>
> Message: 12
> Subject: RE: [LARTC] Iptables, SNAT/MASQ,  Multiple gateways
> Date: Mon, 30 Sep 2002 14:41:34 -0500
> From: "Greg Scott" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: "Chris Leiseth (E-mail)" <[EMAIL PROTECTED]>
>
> > ip route add default nexthop via $CONN1_IP dev $ETHX weight $X \
> >                     nexthop via $CONN2_IP dev $ETHX weight $Y
> >
>
> Would this technique work for more than two gateways?  How many nexthop
> clauses are allowed?  Is there a limit?
>
> thanks
>
> - Greg Scott
>
> --__--__--
>
> _______________________________________________
> LARTC mailing list
> [EMAIL PROTECTED]
> http://mailman.ds9a.nl/mailman/listinfo/lartc
>
> End of LARTC Digest
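One way to set up the two-ISP router from the "Two ISP and NAT" message above, as an added example that is not part of the digest: source-based policy routing sends the internal mail server's traffic (and anything the router itself sources from its ISP1 address) out through eth0, while everything else keeps the default route on eth1, so ISP2 never sees replies carrying ISP1's address. All addresses, the table number and the DRY_RUN switch are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example, not from the LARTC digest. Two-ISP router: default route on
# eth1 (ISP2), internal mail server reachable through DNAT on eth0 (ISP1).
# Replies from the mail server must leave through eth0, or ISP2's ingress
# filter drops them as "alien" source addresses. All values are placeholders.

EXT_IF_1=eth0                # ISP1: the link the public mail records point at
EXT_IF_2=eth1                # ISP2: now carries the default route
EXT_IP_1=198.51.100.10       # placeholder public address on eth0
GW_1=198.51.100.1            # placeholder ISP1 gateway
MAIL_SERVER=10.0.0.196       # placeholder internal mail server
ISP1_TABLE=100               # secondary routing table id (assumed unused)

# With DRY_RUN set, print each command instead of executing it, so the plan
# can be reviewed or tested without root and without the interfaces above.
run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

configure_isp1_policy() {
    # Table 100 holds a single default route pointing at ISP1's gateway.
    run ip route replace default via "$GW_1" dev "$EXT_IF_1" table "$ISP1_TABLE"
    # When a reply from the DNAT'ed mail server is routed it still carries its
    # private source address (the reverse NAT is applied in POSTROUTING, after
    # the routing decision), so the rule has to match the internal address.
    run ip rule add from "$MAIL_SERVER" lookup "$ISP1_TABLE" priority 100
    # Traffic the router itself sends from its ISP1 address must also use ISP1.
    run ip rule add from "$EXT_IP_1" lookup "$ISP1_TABLE" priority 101
    run ip route flush cache
}

configure_nat() {
    # Masquerade with the address of whichever external link a packet leaves by.
    run iptables -t nat -A POSTROUTING -o "$EXT_IF_2" -j MASQUERADE
    run iptables -t nat -A POSTROUTING -o "$EXT_IF_1" -j MASQUERADE
    # Forward SMTP and the Lotus Notes port (1352) arriving on the ISP1 address.
    for port in 25 1352; do
        run iptables -t nat -A PREROUTING -i "$EXT_IF_1" -p tcp -d "$EXT_IP_1" \
            --dport "$port" -j DNAT --to-destination "$MAIL_SERVER:$port"
    done
}

# "plan" prints the commands; "apply" runs them (as root, on the router).
case "${1:-plan}" in
    plan)  DRY_RUN=1; configure_isp1_policy; configure_nat ;;
    apply) configure_isp1_policy; configure_nat ;;
esac
```

Run it with no argument first to review the generated commands; `ip rule show` and `ip route show table 100` afterwards confirm what `apply` installed.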