Help : Load Balancing trouble

From: Judicator (judicator_at_ifrance.com)
Date: 02/26/05


Date: Sat, 26 Feb 2005 03:20:44 +0100

Hello,

I have a load-balanced Linux router working (thanks to the lartc website).

In fact, it's working too well... Some protocols, like IM
protocols (ICQ, MSN), need to keep the same route with the server...
And my system keeps switching routes for each data sent... and
causes disconnections, or the IM network is impossible to connect to...

Is there a way to force a specific route depending on the destination
ports?

An iptables rule missing? An ip route setting missing? I don't know.

Thanks for your help!

Here is my ip route list (I've put some X for security reasons):

82.234.XXX.0/24 dev eth0 proto kernel scope link src 82.234.XXX.XXX
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.254
82.228.XXX.0/24 dev eth2 proto kernel scope link src 82.228.XXX.XXX
default equalize
         nexthop via 82.234.XXX.XXX dev eth0 weight 1
         nexthop via 82.228.XXX.XXX dev eth2 weight 1

Here are my iptables rules:

Chain INPUT (policy DROP)
target prot opt source destination
INETIN all -- anywhere anywhere
ACCEPT all -- 192.168.0.0/24 anywhere
ACCEPT all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
INETIN all -- anywhere anywhere
INETOUT all -- anywhere anywhere
ACCEPT all -- 192.168.0.0/24 anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
INETOUT all -- anywhere anywhere

Chain INETIN (2 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT all -- anywhere anywhere state ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpts:1024:65535
ACCEPT tcp -- anywhere anywhere tcp dpts:1024:65535

Chain INETOUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain LOG_ACCEPT (0 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning
ACCEPT all -- anywhere anywhere

Chain LOG_DROP (0 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
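
Added example, not part of the original post: one way to pin traffic for chosen destination ports to a single uplink is to mark it in the mangle table and send marked packets to a routing table that has only one default route. The gateway 192.0.2.1, mark 1, table 100 and TCP ports 5190 (ICQ) and 1863 (MSN) are assumptions; eth0 (uplink) and eth1 (LAN side) follow the listing above.

```shell
#!/bin/sh
# Added example: policy-route selected destination ports through one uplink,
# leaving all other traffic on the multipath default route.
# By default the commands are only printed; run with RUN= (empty) as root
# to execute them.
RUN=${RUN-echo}
LAN_IF=eth1          # LAN-facing interface, as in the route list above

# pin_ports GATEWAY DEVICE MARK TABLE PORTLIST
pin_ports() {
    gw=$1 dev=$2 mark=$3 table=$4 ports=$5

    # Refuse anything that is not a comma-separated list of port numbers.
    case $ports in
        ''|*[!0-9,]*) echo "bad port list: $ports" >&2; return 1 ;;
    esac

    # 1. Dedicated table with a single default route: no nexthop choice,
    #    so every packet that reaches this table leaves through one uplink.
    $RUN ip route replace default via "$gw" dev "$dev" table "$table"

    # 2. Marked packets consult that table before the main table.
    $RUN ip rule add fwmark "$mark" table "$table" priority 100

    # 3. Mark forwarded LAN traffic by destination port. PREROUTING runs
    #    before the routing decision, so the mark is visible to the rule.
    $RUN iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp \
        -m multiport --dports "$ports" -j MARK --set-mark "$mark"

    # 4. Same for connections opened by the router itself.
    $RUN iptables -t mangle -A OUTPUT -p tcp \
        -m multiport --dports "$ports" -j MARK --set-mark "$mark"

    # 5. Drop cached routing decisions so existing flows pick up the rule.
    $RUN ip route flush cache
}

# Constructed sample values (documentation address as gateway placeholder).
pin_ports 192.0.2.1 eth0 1 100 5190,1863
```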


