LARTC
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [LARTC] load balacing with https home banking

from [Luciano Ruete] [Permanent Link][Original]
To: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] load balacing with https home banking
From: Luciano Ruete <luciano@lugmen.org.ar>
Date: Tue, 19 Dec 2006 21:21:30 -0300
Delivered-to: sp-com-lists@consult.net
Delivered-to: lartc-list@securepoint.com
Delivered-to: lartc@outpost.ds9a.nl
In-reply-to: <BAY103-DAV11F47A9149A006B2341CF5B2D00@phx.gbl>
List-archive: <http://mailman.ds9a.nl/pipermail/lartc>
List-help: <mailto:lartc-request@mailman.ds9a.nl?subject=help>
List-id: "Mailinglist of the Linux Advanced Routing &amp; Traffic Control project" <lartc.mailman.ds9a.nl>
List-post: <mailto:lartc@mailman.ds9a.nl>
List-subscribe: <http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=subscribe>
List-unsubscribe: <http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=unsubscribe>
References: <BAY103-DAV11F47A9149A006B2341CF5B2D00@phx.gbl>
Sender: lartc-bounces@mailman.ds9a.nl
User-agent: KMail/1.9.5 
On Monday 11 December 2006 08:15, Marco Berizzi wrote:
> Hello everybody.
> I'm running linux 2.6.19 with nth match to
> alternatively snat outgoing connections to
> two different ip addresses for load balancing
> between two adsl lines:
> Here is:
>
> $IPTABLES -t nat -A POSTROUTING -s my_ip --protocol tcp -m
> multiport --dports 80,443 -m statistic --mode nth --every 2 -j SNAT --to
> adslA
> $IPTABLES -t nat -A POSTROUTING -s my_ip --protocol tcp -m
> multiport --dports 80,443 -j SNAT --to adslB
>
> Things are working pretty good, but some
> applications (https home banking for example),
> don't work correctly (because the remote
> server see two different ip addresses). Is
> there any trick to tell iptables to snat
> always with the same source ip for the same
> destination host? I have also modified SNAT
> with SAME, but no luck.

You need to use iptables CONNMARK to keep track of "wich conn" with "wich 
ISP", see this[1] thread for reference and a nano HOWTO.

[1]http://mailman.ds9a.nl/pipermail/lartc/2006q2/018964.html
-- 
Luciano
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [LARTC] Override dead, John Philips
Next by Date:  [LARTC] Disable netfilter for bridged traffic, senthil
Previous by Thread:  Re: [LARTC] load balacing with https home banking, Fabrício F. Feijó
Next by Thread:  Re: [LARTC] load balacing with https home banking, Marco Berizzi
Indexes:  [Date] [Thread] [Top] [All Lists]