Re: [LARTC] Split access, load balancing AND forwarding: HOW?

[Luciano Ruete <luciano@lugmen.org.ar>]

On Thursday 22 February 2007 01:57, Ming-Ching Tiew wrote:
> From: "Ming-Ching Tiew" <mingching.tiew@redtone.com>
>
> > I would say it would be better to re-order the the iptables command :-
> >
> > #restore mark before ROUTING decision
> > iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
> > #by-pass rules if it is already MARKed
> > iptables -t mangle -A POSTROUTING -m mark  --mark ! 0 -j ACCEPT
> > #1st packets(from a connection) will arrive here
> > iptables -t mangle -A POSTROUTING -o eth1 -j MARK --set-mark 0x1
> > iptables -t mangle -A POSTROUTING -o eth2 -j MARK --set-mark 0x2
> > iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark
> >
> > ie restore-mark is moved to the top.
>
> On more careful reading, I am wondering why it is using POSTROUTING ?
>
> Shouldn't it all be PREROUTING ?

_NO_, cause i need that 'multipath routing' makes the 'weighted routing 
decision' in the first packet of each new connection. Once it is routed, all 
the other packets from same flow are hacked in PREROUTING, they mark are 
resotred and ip rule garantize that they will go by the same gateway as the 
first packet.

This solution works in theory and in practice, so plz, get your hands dirty 
before you post your next great idea.

-- 
Luciano
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc