author | slioch <slioch@eng-140.vyatta.com> | 2009-06-08 14:17:45 -0700 |
---|---|---|
committer | slioch <slioch@eng-140.vyatta.com> | 2009-06-08 14:21:18 -0700 |
commit | 8df8f875d33bccdf5cd4a56cee7bef13f7fac7f9 (patch) | |
tree | a0e7262f27b88549ee1899df53df3a203f8023af /src/lbdecision.cc | |
parent | e3d168147b3b36d4bc026170336bb4455ed6c75e (diff) | |
fix for bug 4130. Requires additional configuration outside WLB to support network reachability determination. All locally sourced routes need an entry in table
main that satisfies reachability requirements.
This is due to the output mangle table being processed after reachability determination for locally sourced routes.
Note that routes will still be subject to routing by WLB (provided they match the WLB rule set).
Diffstat (limited to 'src/lbdecision.cc')
-rw-r--r-- | src/lbdecision.cc | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/lbdecision.cc b/src/lbdecision.cc
index 7030cf3..56c772d 100644
--- a/src/lbdecision.cc
+++ b/src/lbdecision.cc
@@ -118,6 +118,8 @@ if so then this stuff goes here!
 execute(string("iptables -t raw -A NAT_CONNTRACK -j ACCEPT"), stdout);
 execute(string("iptables -t raw -D PREROUTING 1"), stdout);
 execute(string("iptables -t raw -I PREROUTING 1 -j NAT_CONNTRACK"), stdout);
+ execute(string("iptables -t raw -D OUTPUT 1"), stdout);
+ execute(string("iptables -t raw -I OUTPUT 1 -j NAT_CONNTRACK"), stdout);
 LBData::InterfaceHealthIter iter = lbdata._iface_health_coll.begin();
@@ -233,6 +235,7 @@ LBDecision::run(LBData &lb_data)
 //then if we do, flush all
 execute("iptables -t mangle -F PREROUTING", stdout);
+ execute("iptables -t mangle -F OUTPUT", stdout);
 //new request, bug 4112. flush conntrack tables if configured
 if (lb_data._flush_conntrack == true) {
@@ -248,6 +251,7 @@ LBDecision::run(LBData &lb_data)
 if (iter->second._exclude == true) {
 execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j ACCEPT", stdout);
+ execute(string("iptables -t mangle -A OUTPUT ") + app_cmd + " -j ACCEPT", stdout);
 }
 else {
 map<int,float> weights = get_new_weights(lb_data,iter->second);
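Review bot: The added `iptables -t raw -D OUTPUT 1` deletes by position, so it removes whatever rule is first in raw OUTPUT without checking that it is the rule this code means to replace. On an empty chain the delete fails, and if another component owns position 1 its rule is dropped, which changes connection tracking for locally generated traffic. The context lines use the same pattern for PREROUTING; at minimum add a comment such as `// rule 1 of raw OUTPUT is assumed to be <expected rule>; it is replaced by the NAT_CONNTRACK jump`. The enclosing function starts and ends outside the hunk.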
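Review bot: `iptables -t mangle -F OUTPUT` empties the built-in mangle OUTPUT chain, so any rule another subsystem placed there for locally generated traffic is lost on every run(), and again in shutdown() in the last hunk. The shutdown hunk shows the nat table using a dedicated `WANLOADBALANCE` chain; a WLB-owned mangle chain jumped to from OUTPUT and flushed with `iptables -t mangle -F <wlb-output-chain>` would confine the flush to rules this daemon created. If flushing the built-in chain is intended, say so in place, e.g. `// WLB assumes exclusive ownership of mangle OUTPUT`. Both functions continue outside their hunks.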
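Review bot: The added OUTPUT rules here and in the next hunk splice `app_cmd` (and there also `fbuf` and `dbuf`) into a command string handed to `execute()`, and the outcome of the call is discarded. Neither the construction of `app_cmd` nor the body of `execute()` is visible in this diff; if `execute()` goes through a shell and `app_cmd` carries configuration values, those values need to be validated before they reach this point. Because the result is ignored, a failed OUTPUT append after a successful PREROUTING append would leave forwarded and locally sourced traffic under different rule sets with no log entry. Assuming `execute()` reports a status, something like `if (execute(cmd, stdout) != 0) { /* log and stop the rebuild */ }` would make that visible.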
@@ -263,19 +267,24 @@ LBDecision::run(LBData &lb_data)
 sprintf(dbuf,"%d",w_iter->first);
 if (lb_data._enable_source_based_routing) {
 execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
+ execute(string("iptables -t mangle -A OUTPUT ") + app_cmd + " -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
 }
 else {
 execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
+ execute(string("iptables -t mangle -A OUTPUT ") + app_cmd + " -m state --state NEW -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
 }
 }
 sprintf(dbuf,"%d",(--weights.end())->first);
 if (lb_data._enable_source_based_routing) {
 execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j ISP_" + dbuf, stdout);
+ execute(string("iptables -t mangle -A OUTPUT ") + app_cmd + " -j ISP_" + dbuf, stdout);
 }
 else {
 execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -j ISP_" + dbuf, stdout);
+ execute(string("iptables -t mangle -A OUTPUT ") + app_cmd + " -m state --state NEW -j ISP_" + dbuf, stdout);
 }
 execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j CONNMARK --restore-mark", stdout);
+ execute(string("iptables -t mangle -A OUTPUT ") + app_cmd + " -j CONNMARK --restore-mark", stdout);
 }
 }
 ++iter;
@@ -294,6 +303,7 @@ LBDecision::shutdown(LBData &data)
 //then if we do, flush all
 execute("iptables -t mangle -F PREROUTING", stdout);
+ execute("iptables -t mangle -F OUTPUT", stdout);
 //clear out nat as well
 execute("iptables -t nat -F WANLOADBALANCE", stdout); |
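Review bot: Every mangle rule in this hunk is now written out twice, with only the chain name differing between the PREROUTING line and the added OUTPUT line. A later edit that touches one copy and not the other would make forwarded and locally sourced traffic follow different balancing rules without anything flagging it. A small helper that appends the same rule tail to both chains keeps the pair in step; the sketch below assumes `execute()` is callable from a file-local function, otherwise it would be a private member. run() starts and ends outside the hunk.

```cpp
// Append one mangle rule to every hook WLB manages, so the chains cannot drift apart.
static void append_mangle_rule(const string &rule)
{
  static const char *const hooks[] = { "PREROUTING", "OUTPUT" };
  for (size_t i = 0; i < sizeof(hooks) / sizeof(hooks[0]); ++i) {
    execute(string("iptables -t mangle -A ") + hooks[i] + " " + rule, stdout);
  }
}

// … unchanged: weight iteration, fbuf/dbuf formatting …
append_mangle_rule(app_cmd + " -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf);
// … unchanged: the remaining branches call append_mangle_rule the same way …
append_mangle_rule(app_cmd + " -j CONNMARK --restore-mark");
```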
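Review bot: shutdown() gains a flush of mangle OUTPUT, but nothing in the diff removes the `-j NAT_CONNTRACK` jump that the first hunk inserts into raw OUTPUT. Unless code outside this hunk already resets the raw table, that jump stays in place after WLB stops, and the rule deleted from position 1 at startup is not put back. If the jump should be undone, `execute("iptables -t raw -D OUTPUT -j NAT_CONNTRACK", stdout);` next to the flush would remove it by specification rather than by index. The rest of shutdown() is outside the hunk.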