LinuxQuestions.org
Old 02-19-2009, 09:21 PM   #1
landysaccount
Member
 
Registered: Sep 2008
Location: Dominican Republic
Distribution: Debian
Posts: 188

Rep: Reputation: 18
Lost connections when using iproute2


Hello.

Recently I used Debian Etch to create a low-end load balance server with iproute2 using two DSL connections at 1.5Mbps each. The only iproute code I used was this:

ip route add default scope global nexthop via $ETH0_GW dev $EXT0_IFACE weight 1 nexthop via $ETH1_GW dev $EXT1_IFACE weight 1

What that line is supposed to do is to send one packet on eth0 and another on eth1 and so on. But when I try to connect from the internet to the server via ssh, I guess the connection gets lost or confused since the response gets returned from different IPs and, I guess, doesn't find a route/way to the client.

What can I use to make sure that when a new SSH connection comes into an interface, all the ssh traffic from the server is directed through that interface?

Thanks in advance for your help.
 
Old 02-20-2009, 03:42 AM   #2
arckane
Member
 
Registered: Sep 2005
Location: UK
Distribution: Gentoo/Debian/Ubuntu
Posts: 307

Rep: Reputation: 38
From what I can recall you need to make sure established traffic remains on the same NIC. Adapt this script to help.

Code:
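# Internal interface: name, address, network, prefix length
IFI=eth0
IPI=10.0.0.1
NWI=10.0.0.0
NMI=24

# First external interface
IFE1=eth1
IPE1=192.168.0.2
NME1=29
NWE1=192.168.0.0
GWE1=192.168.0.1
BRD1=192.168.0.7   # broadcast address of 192.168.0.0/29, used as $BRD1 below

# Second external interface
IFE2=eth2
IPE2=172.16.0.2
NME2=29
NWE2=172.16.0.0
GWE2=172.16.0.1
BRD2=172.16.0.7    # broadcast address of 172.16.0.0/29, used as $BRD2 below

# iptables binary used in the second part; assumed to be on PATH
IPTABLES=iptables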

echo "Clear old rules"
#Clear out old rules
ip rule show | grep -Ev '^(0|32766|32767):|iif lo' \
  | while read PRIO NATRULE; do
  ip rule del prio ${PRIO%%:*} $( echo $NATRULE | sed 's|all|0/0|' )
done

echo "Setting Loopback route"
ip link set lo up
ip addr add 127.0.0.1/8 brd + dev lo

echo "Setting ETH0/Internal route"
ip link set $IFI up
ip addr add $IPI/$NMI brd + dev $IFI
ip rule add prio 50 table main
ip route del default table main

echo "Setting External Interfaces without gateway or Route"
ip link set $IFE1 up
ip addr flush dev $IFE1
ip addr add $IPE1/$NME1 brd $BRD1 dev $IFE1
ip addr add 192.168.0.3/29 brd $BRD1 dev $IFE1 label eth1:2
ip addr add 192.168.0.4/29 brd $BRD1 dev $IFE1 label eth1:5

ip link set $IFE2 up
ip addr flush dev $IFE2
ip addr add $IPE2/$NME2 brd $BRD2 dev $IFE2
ip addr add 172.16.0.3/29 brd $BRD2 dev $IFE2 label eth2:2

echo "Set Established traffic to use same IF"
ip rule add prio 201 from $NWE1/$NME1 table 201
ip route add default via $GWE1 dev $IFE1 src 192.168.0.3 proto static table 201
ip route add default via $GWE1 dev $IFE1 src 192.168.0.4 proto static table 201
ip route add default via $GWE1 dev $IFE1 src $IPE1 proto static table 201
ip route append prohibit default table 201 metric 1 proto static


ip rule add prio 202 from $NWE2/$NME2 table 202
ip route add default via $GWE2 dev $IFE2 src 172.16.0.3 proto static table 202
ip route add default via $GWE2 dev $IFE2 src $IPE2 proto static table 202
ip route add default via $GWE2 dev $IFE2 table 202
ip route append prohibit default table 202 metric 1 proto static

echo "Default Multipath Route and setting weights!"
ip rule add prio 222 table 222

#ETH1 is a lot faster
ip route add default table 222 proto static \
   nexthop via $GWE1 dev $IFE1 weight 3 \
   nexthop via $GWE2 dev $IFE2 weight 1


Next up is the iptables part of it all with source natting.

Code:
echo "Setting the Chains on Filter and Nat"
$IPTABLES -t filter -N keep_state
$IPTABLES -t filter -A keep_state -m state --state RELATED,ESTABLISHED \
   -j ACCEPT
$IPTABLES -t filter -A keep_state -j RETURN

$IPTABLES -t nat -N keep_state
$IPTABLES -t nat -A keep_state -m state --state RELATED,ESTABLISHED \
   -j ACCEPT
$IPTABLES -t nat -A keep_state -j RETURN

echo "Setting Jumps for PRE POST OUT IN FORWARD OUT for NAT and FILTER"
$IPTABLES -t nat -A PREROUTING -j keep_state
$IPTABLES -t nat -A POSTROUTING -j keep_state
$IPTABLES -t nat -A OUTPUT -j keep_state
$IPTABLES -t filter -A INPUT -j keep_state
$IPTABLES -t filter -A FORWARD -j keep_state
$IPTABLES -t filter -A OUTPUT -j keep_state
Found that via another site, but it should help.
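
The core of the script above, reduced to the two-uplink case from the first post, as an added example that is not part of either poster's message: each uplink address gets its own table and a `from` rule, so replies sourced from the address a connection arrived on leave via that uplink's gateway instead of the multipath route. Interface names, table numbers and the RFC 5737 documentation addresses are constructed; commands are only printed unless `APPLY=1` is set.

```shell
#!/bin/sh
# Dry run by default: commands are printed. Set APPLY=1 (as root) to execute.
APPLY=${APPLY:-0}

run() {
    if [ "$APPLY" = 1 ]; then "$@"; else echo "$*"; fi
}

# uplink_rules IFACE ADDR GATEWAY TABLE
# Packets whose source is ADDR (e.g. sshd replies to a client that
# connected to ADDR) are looked up in TABLE, whose only default route
# is this uplink's gateway, so they never reach the multipath default.
uplink_rules() {
    iface=$1 addr=$2 gw=$3 table=$4
    run ip route replace default via "$gw" dev "$iface" src "$addr" table "$table"
    run ip rule add prio "$table" from "$addr" table "$table"
}

# multipath_default TABLE IFACE:GATEWAY:WEIGHT [IFACE:GATEWAY:WEIGHT ...]
# Balanced default route for new outbound traffic that has no source
# address bound yet (the route from the first post).
multipath_default() {
    table=$1; shift
    hops=""
    for hop in "$@"; do
        iface=${hop%%:*}; rest=${hop#*:}
        gw=${rest%%:*}; weight=${rest#*:}
        hops="$hops nexthop via $gw dev $iface weight $weight"
    done
    # $hops is deliberately unquoted so it splits into separate arguments
    run ip route replace default table "$table" $hops
}

setup() {
    # Constructed sample values: two uplinks with equal weight.
    uplink_rules eth0 192.0.2.2 192.0.2.1 201
    uplink_rules eth1 198.51.100.2 198.51.100.1 202
    multipath_default main eth0:192.0.2.1:1 eth1:198.51.100.1:1
}

setup
```

After applying, `ip rule show` should list the two `from` rules ahead of the `main` lookup, and `ip route get 8.8.8.8 from 192.0.2.2` should report the eth0 gateway.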
 
Old 02-20-2009, 02:09 PM   #3
landysaccount
Member
 
Registered: Sep 2008
Location: Dominican Republic
Distribution: Debian
Posts: 188

Original Poster
Rep: Reputation: 18
Thanks for replying.

The script looks good and I'll test it on our server. The only thing I don't understand is where the IPs 192.168.0.3 and 192.168.0.4 come from.

Thanks
 
  


All times are GMT -5. The time now is 01:48 AM.
