iptables modules random and nth
Howdy,
Back in the linux 2.4 days with iptables, I was able to use a module called random, which would basically randomize outbound connections. It was used mostly in the mangle table. Now, I am trying to recompile a new kernel (2.6.24) and new iptables, but for the life of me, I can not find how to get the random module back. I have read some posts saying to use patch-o-matic....but patch-o-matic does not work. When I do make menuconfig, I don't see random anywhere under the netfilter modules. This is what it looks like when it works:
Code:
43884 5105K ETH1 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 random 50%
Now, when I try and load the module, I get this:
Code:
[root@gateway scripts]# iptables -t mangle -A OUTPUT -o ! eth1 -m random --average 50 -j ETH1
I would like to use random because I have a dual-wan setup, and I need iptables to randomly choose which interface to go out of. If you need any other info, let me know!
Thanks!
John
One suggestion I have, is rather than use 'menuconfig' use xconfig instead (I hope you can run X) and from xconfig, use the EDIT--> SEARCH function from the menu, and search for 'random' and you will see any/all locations of the word 'random' within the kernel build.
FWIW, I have the full IPtables stuff all set up on my machine (all modules, 2.6.24.4), and I cannot locate a *random*.so anywhere. Maybe what you might want to look into is the Linux Kernel BONDING driver, which can bond 2 ethernet NICs in various modes, like auto-fallback, load-balance, round-robin, etc.. It may or may not help resolve your exact desires/situation, but IS a way of selecting 1 of 2 or more WANs (NICs) to use at a given time.. you could maybe have them called eth0:0 and eth0:1 and just use some sort of arbitrary method (or the round-robin mode) to randomly choose between the 2.... ?? Hope this helps even a tiny bit :)
Sasha
Except, I don't think with the bonding module you can do that with cable modems.....or can you?? And does it work with DHCP??
I wouldn't see why not re: post #3 --
Cable Modem is an Ethernet connection (connects to the Ethernet port) and also as such, I don't see why DHCP wouldn't work. You will need to look into the bonding documentation (usually included with your DOCS with your distro) or on Google. It should be easy to find. I haven't messed with it in a while, so I can't answer with specifics. But the text docs are pretty decent. :)
Sasha
You can use iproute2 to do that. http://lartc.org/howto/lartc.rpdb.multiple-links.html
Quote:
I am using that, but, I found you need to do some iptables rules with it too, if you use iptables, which I do. Plus, random is better because even though the routes are cached in ip route, random will override the gateway, and send it out whichever interface is next.....so if you break a download up into 10 parts, 5 parts will be over one link, 5 parts will be over the second link.
There is a kernel patch to fix the route caching problem; take a look at it: http://www.ssi.bg/~ja/#multigw
iptables statistics
In new kernels, the implementation of nth and random is in the statistics module, and it's part of iptables.
Quote:
Is there any documentation for this?
doc iptables
The iptables is:
iptables -t nat -m statistic --mode nth --help
and man iptables
Hi
Thanks for your information. Does implementing these solutions (BONDING driver, iptables's nth module, iproute2, etc.) for load balancing create some issue for connections? Because using these solutions causes the source IP of connections and sessions to change, and the connection or session may be lost. Thanks for any help or guidance.
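Added example, not part of the thread: a generator for an iptables-restore fragment that applies the statistic match (random or nth mode) only to the first packet of each connection and pins the result with CONNMARK, so an established session keeps one uplink and one source IP. Assumptions not taken from the thread: the LAN side is br0 (as in the listing in the first post), fwmark 1 and 2 are mapped to the two uplinks by separately configured `ip rule` entries, and the iptables version accepts the `! --mark` form.

```sh
#!/bin/sh
# Added example: prints rules only, it does not change the running firewall.
# Marks 1/2 and the PREROUTING placement are assumptions for illustration.

# statistic_match MODE -> match clause that selects about half of what it sees
statistic_match() {
    case "$1" in
        random) echo "-m statistic --mode random --probability 0.5" ;;
        nth)    echo "-m statistic --mode nth --every 2 --packet 0" ;;
        *)      echo "unknown mode: $1" >&2; return 1 ;;
    esac
}

# balance_rules MODE [LAN_IF] -> iptables-restore fragment for the mangle table
balance_rules() {
    match=$(statistic_match "$1") || return 1
    lan=${2:-br0}
    cat <<EOF
*mangle
# Known connection: copy its saved mark onto the packet and stop,
# so an established flow never switches uplink.
-A PREROUTING -i $lan -j CONNMARK --restore-mark
-A PREROUTING -i $lan -m mark ! --mark 0 -j ACCEPT
# New connection: default to uplink 1, move about half to uplink 2.
-A PREROUTING -i $lan -m conntrack --ctstate NEW -j MARK --set-mark 1
-A PREROUTING -i $lan -m conntrack --ctstate NEW $match -j MARK --set-mark 2
# Remember the choice for every later packet of this connection.
-A PREROUTING -i $lan -j CONNMARK --save-mark
COMMIT
EOF
}

balance_rules random
```

Without the `--ctstate NEW` restriction the statistic match would be evaluated per packet, which is the case where a session's source IP changes mid-stream.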