In article <[EMAIL PROTECTED]>,
jamal  <[EMAIL PROTECTED]> wrote:
>>What this does is:
>>1. Permanently disable the load balancing that was working, (with the
>>same gateway on both interfaces; see my other posting on this
>>thread) and
>>2. Nothing else, as far as I can tell.
>
>Well, from your post I gathered your main problem was to get the port
>80 packets going to the goodisp -- not load balancing. You should probably
>try to resolve that first.

The load balancing is useless to me if the port 80 split routing isn't
happening--otherwise, half of outgoing HTTP connections will hit badISP
and fail.  

When I try to combine that with extra routing tables for port 80, the
load balancing goes away under mysterious circumstances.

It looks like I'm using a code path that nobody else has tested before.

It also is beginning to look like I can't do what I want even if the
features that already exist were all working properly.  Some questions:

What happens to ipchains marks when IP masquerade happens to a forwarded
packet?  If the mark goes away, so does the special-case routing.
This might explain why I can't get packets destined for port 80 routed
somewhere else when sent through the (masquerading) firewall.  Or it could
mean that I gave up on it too early last night--I can't leave this machine
without working routing tables for very long before things start to break,
so my experiment windows are always very short.

How do you use ipchains to mark a packet before it hits the routing
table code?  For example, if a process on the firewall itself opens a
connection to port 80, how does ipchains mark the packet before the
local source address and outgoing network interface are selected?
I don't think this is possible unless there are some features I don't
know about yet.

>>It looks like there are bugs lurking here. Here's the initial setup:
>>
>>route add default gw goodISPgateway goodISPdev
>>route add goodISPgateway badISPdev
>>route add default gw goodISPgateway badISPdev
>
>Why is it the same gateway for both paths?

Because the equal cost multipath code won't work otherwise, at least not
with the recipe I was given by Dale Botkin elsewhere on this thread.
Once the gateways are identical the equal-cost stuff kicks in; with
different gateways (even with the same metric) only one of the interfaces
is used.  But then you have a different approach in your last message
which I'll try later.

>Try, instead:

[snipped]

It'll be a day or two before I get a chance to try this again, but I
will try this as soon as I have a chance.

-- 
Zygo Blaxell, Linux Engineer, Corel Corporation.  [EMAIL PROTECTED] (work) or
[EMAIL PROTECTED] (play).  Opinions above are my own, not Corel's.
Linux washu 2.2.8 #2 Thu May 13 21:14 EDT 1999 i686 up 2 days, 3:59
Linux mokona 2.2.9 #1 Jun 12 02:07 EDT 1999 i586 up 18:34
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
