<no subject>


 



Hello,
for load tests of an application, which requires its own IP address for each
user, and has to support hundreds of thousands ... millions of users, I try to
simulate the users and handle the IP issues with netfilter. I'd like to
avoid promiscuous mode and virtual interfaces.
 
Every Linux test box handles, for example, 65.000 users.
The test application fakes the source IP when sending, so for the app
server it looks OK.
On the app server some additional routing entries route the packets to the
users according to the range of user IPs to the specific Linux test box. So
netfilter should forward these incoming packets to the local test
application:
iptables -t nat -A PREROUTING -i eth0 -p udp --dst 10.132.0.0/16 \
-j REDIRECT --to-port 5000
and the test app can ask for the original destination using getsockopt() -
like squid.
But I don't see the answers in the PREROUTING queue?
They are visible with ethereal on eth0, but also a plain logging rule:
iptables -t nat -A PREROUTING -j LOG --log-prefix "Prerouting "
doesn't show the incoming packets???
BUT they are listed in the mangle table (but here I cannot use the REDIRECT
target).
 
A very interesting thing:
If I modify the route to point to a different Linux box and use a DNAT
rule there instead of REDIRECT, then it works as expected. Of course this has the
disadvantage that the information about the original destination IP is
lost, so why doesn't it work on the local system?
Does the use of spoofing during send create some implicit rules, so that
later answers to that are not visible in the PREROUTING queue?
Any tips would be nice.
 
Thanks 
Frank    
 -- 
For every complex problem there is a solution 
which is simple, neat and -- wrong. 
 