[CentOS] Routing issue
Manish Kathuria
mkathuria at tuxtechnologies.co.in
Wed Oct 3 13:41:52 UTC 2012
On Wed, Oct 3, 2012 at 7:00 PM, Steve Clark <sclark at netwolves.com> wrote:
> On 10/03/2012 08:46 AM, Manish Kathuria wrote:
>
> I was under the impression that you are running a FTP server inside
> and were facing problems with the incoming traffic for the same. If
> you are primarily concerned with the outgoing traffic through two ISP
> links, please follow the following steps:
>
> 1. Refer to http://www.ssi.bg/~ja/nano.txt for creating your rules.
> 2. Recompile the kernel after applying Julian Anistov's routes patch
> (the URL is there in the earlier messages).
> 3. Make a script to check the status of the links and change the
> default gateway accordingly. Let me know if you need a script.
> 4. Make sure that your firewall (iptables) is stateful and allows
> related and established connections and the NAT and connection
> tracking modules (nf_conntrack, nf_conntrack_ftp, nf_nat and
> nf_nat_ftp) are loaded.
>
> I have followed this approach at a number of places without any
> problems related to FTP or other protocols. The only issue I faced was
> that the patch failed for all the CentOS 5.x kernels I tried (perhaps
> due to some conflict with an existing patch). But its working
> perfectly for the kernels in CentOS 6 and 6.1.
>
> Thanks,
> --
> Manish
>
> Hi Manish,
>
> Thanks for the response.
> It is good to know there is a general solution. It is too bad that
> the referenced patches were never merged into to main kernel tree, forcing
> people
> to have to build and maintain their own kernel.
>
>
> --
> Stephen Clark
In case you want to avoid compiling the kernel and are comfortable
with FreeBSD, try pfSense, it also offers outbound load balancing and
failover for multiple WAN links.
--
Manish Kathuria
More information about the CentOS
mailing list