LinuxQuestions.org
Old 02-09-2015, 07:43 AM   #1
sekarlinux
Member
 
Registered: Dec 2011
Posts: 47

Rep: Reputation: Disabled
IPtables rules are not working in RHEL- 6.5 and it was working in RHEL5.9


Hi Friends,

I have migrated from RHEL-5.9 to RHEL-6.5 on my server, but the iptables rules are not working in RHEL-6.5 as they were working in RHEL-5.9 with the same rules. Please check my rules; the details are below.

eth1 is for incoming traffic.
ppp0, ppp1, ppp2 and ppp3 are DSL connections and are used for outgoing traffic.

I am able to send the traffic through each line separately but could not load-balance across all ppp interfaces through iptables.

I am using iptables mangle rules to distribute the traffic.

/sbin/iptables -t mangle -A OUTPUT -p tcp -m statistic --mode nth --every 4 --packet 0 -m tcp --tcp-flags FIN,SYN,ACK SYN -j MARK --set-mark 1
/sbin/iptables -t mangle -A OUTPUT -p tcp -m statistic --mode nth --every 4 --packet 1 -m tcp --tcp-flags FIN,SYN,ACK SYN -j MARK --set-mark 2
/sbin/iptables -t mangle -A OUTPUT -p tcp -m statistic --mode nth --every 4 --packet 2 -m tcp --tcp-flags FIN,SYN,ACK SYN -j MARK --set-mark 3
/sbin/iptables -t mangle -A OUTPUT -p tcp -m statistic --mode nth --every 4 -m tcp --tcp-flags FIN,SYN,ACK SYN -j MARK --set-mark 4

/sbin/ip route add table ppp0 default dev ppp0
/sbin/ip route add table ppp1 default dev ppp1
/sbin/ip route add table ppp2 default dev ppp2
/sbin/ip route add table ppp3 default dev ppp3

/sbin/ip rule add fwmark 1 pref 200 table ppp1
/sbin/ip rule add fwmark 2 pref 200 table ppp2
/sbin/ip rule add fwmark 3 pref 200 table ppp3
/sbin/ip rule add fwmark 4 pref 200 table ppp0

/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -o ppp1 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -o ppp2 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -o ppp3 -j MASQUERADE

/sbin/ip route app default equalize nexthop dev ppp0 nexthop dev ppp1 nexthop dev ppp2 nexthop dev ppp3

It was not working completely, and after reading some article about changing the kernel parameter I am able to send the traffic, but it works only for some time and then drops connections without any errors.

"echo 2 > /proc/sys/net/ipv4/conf/default/rp_filter"
"echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter"
"net.ipv4.conf.default.rp_filter = 2"

The same rules were working perfectly in RHEL-5.9. Do I need to change any other kernel parameter to get this done?

Please let me know which kernel parameters have to be changed to get this working as in RHEL-5.9.

Thanks,
Sekar
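
Added example, not part of the original post: a small shell model of how the four `statistic --mode nth` MARK rules above assign marks to successive SYN packets. It assumes each rule keeps its own counter, that an omitted `--packet` means 0 (the documented default), and that MARK does not end chain traversal, so a later matching rule overwrites an earlier mark; `VARIANT_RULES` is a constructed comparison with `--packet 3` on the fourth rule.

```shell
#!/bin/sh
# Model of xt_statistic "nth" mode for a chain of MARK rules.
# Each rule is written "every:packet:mark".

# The four mangle OUTPUT rules as posted; the 4th has no --packet,
# so it is modelled with the default initial counter value 0.
POSTED_RULES="4:0:1 4:1:2 4:2:3 4:0:4"
# Constructed variant for comparison: 4th rule given --packet 3.
VARIANT_RULES="4:0:1 4:1:2 4:2:3 4:3:4"

# simulate_marks RULES COUNT
# Prints the final fwmark of each of COUNT successive SYN packets
# (0 means the packet leaves the chain unmarked).
simulate_marks() {
    rules=$1
    count=$2
    out=""
    i=0
    while [ "$i" -lt "$count" ]; do
        mark=0
        for r in $rules; do
            every=${r%%:*}
            rest=${r#*:}
            packet=${rest%%:*}
            m=${rest#*:}
            # Every rule sees every SYN (MARK is non-terminating) and has
            # its own counter, so rule k matches packet i when
            # i mod every == packet. The last matching rule wins.
            if [ $(( i % every )) -eq "$packet" ]; then
                mark=$m
            fi
        done
        out="$out $mark"
        i=$(( i + 1 ))
    done
    echo "${out# }"
}

echo "posted : $(simulate_marks "$POSTED_RULES" 8)"
echo "variant: $(simulate_marks "$VARIANT_RULES" 8)"
```

A packet that ends with mark 0 matches none of the `ip rule add fwmark ...` entries, so it is routed by the remaining rules and the default route instead of one of the per-line tables.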
 
Old 02-14-2015, 10:58 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 18,722

Rep: Reputation: 4137
Quote:
Originally Posted by sekarlinux View Post
Hi Friends,
I have migrated from RHEL-5.9 to RHEL-6.5 on my server, but the iptables rules are not working in RHEL-6.5 as they were working in RHEL-5.9 with the same rules. Please check my rules; the details are below.

eth1 is for incoming traffic. ppp0, ppp1, ppp2 and ppp3 are DSL connections and are used for outgoing traffic. I am able to send the traffic through each line separately but could not load-balance across all ppp interfaces through iptables. I am using iptables mangle rules to distribute the traffic.

It was not working completely, and after reading some article about changing the kernel parameter I am able to send the traffic, but it works only for some time and then drops connections without any errors.

The same rules were working perfectly in RHEL-5.9. Do I need to change any other kernel parameter to get this done? Please let me know which kernel parameters have to be changed to get this working as in RHEL-5.9.

You don't say which articles you read, but the obvious solution would be to contact Red Hat support... RHEL6 is NOT free, and when you pay for it, you get support with it. They can help you work through this. There is an article on Red Hat's knowledgebase that deals with IPtables and RHEL6, but unless you have a valid customer ID, you won't be able to access it.

You mention that you made changes...are they not persistent, given the echo statements you posted?
 
Old 02-14-2015, 12:45 PM   #3
JockVSJock
Senior Member
 
Registered: Jan 2004
Location: SATX
Distribution: RHEL/CentOS
Posts: 1,210
Blog Entries: 4

Rep: Reputation: 131
How do you know that, after moving to a different version of RHEL, it is no longer load balancing? Are you getting some sort of output saying this? End users complaining?

I am curious about the error message.

I did find this, however this is from iptables 1.1.19

http://www.faqs.org/docs/iptables/mangletable.html

Quote:
You are strongly advised not to use this table for any filtering; nor will any DNAT, SNAT or Masquerading work in this table.

Also, do you know what version of iptables you were working with vs. what you have now?

Last edited by JockVSJock; 02-14-2015 at 12:51 PM.
 
1 members found this post helpful.
  


All times are GMT -5. The time now is 01:50 AM.
