I am trying to set up two fwmarks groups
1. ftp,ftp-data
2. http,https
I expect ftp requests to go to group 1, but they go to group 2.
Here's my setup.
iptables commands on my 0.2.7-2.4.2 director (VIP=192.168.2.110=lv2.mack.net)
director:# iptables -t mangle -A PREROUTING -i eth1 -p tcp -s 0.0.0.0/0 -d 192.168.2.110/32 --dport ftp -j MARK --set-mark 1
director:# iptables -t mangle -A PREROUTING -i eth1 -p tcp -s 0.0.0.0/0 -d 192.168.2.110/32 --dport ftp-data -j MARK --set-mark 1
director:# iptables -t mangle -A PREROUTING -i eth1 -p tcp -s 0.0.0.0/0 -d 192.168.2.110/32 --dport http -j MARK --set-mark 2
director:# iptables -t mangle -A PREROUTING -i eth1 -p tcp -s 0.0.0.0/0 -d 192.168.2.110/32 --dport https -j MARK --set-mark 2
director:# iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
MARK tcp -- anywhere lvs2.mack.net tcp dpt:ftp MARK set 0x1
MARK tcp -- anywhere lvs2.mack.net tcp dpt:ftp-data MARK set 0x1
MARK tcp -- anywhere lvs2.mack.net tcp dpt:www MARK set 0x2
MARK tcp -- anywhere lvs2.mack.net tcp dpt:https MARK set 0x2
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
which (to me) shows that I've set 2 groups of fwmarks.
Here are my ipvsadm commands
ipvsadm -A -f 1 -s rr -p 30
ipvsadm -a -f 1 -r sneezy.mack.net:0 -g -w 1
ipvsadm -a -f 1 -r bashfull.mack.net:0 -g -w 1
ipvsadm -A -f 2 -s rr -p 30
ipvsadm -a -f 2 -r sneezy.mack.net:0 -g -w 1
ipvsadm -a -f 2 -r bashfull.mack.net:0 -g -w 1
ftp'ing to the VIP, the connection should go to FWM=1.
Here's the output from ipvsadm
director:# ipvsadm
IP Virtual Server version 0.2.7 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
FWM 1 rr persistent 30
-> bashfull.mack.net:0 Route 1 0 0
-> sneezy.mack.net:0 Route 1 0 0
FWM 2 rr persistent 30
-> bashfull.mack.net:0 Route 1 1 1
-> sneezy.mack.net:0 Route 1 0 0
which shows that ftp goes to FWM=2.
http requests go to FWM=2 (which I expect)
Any ideas anyone?
Thanks
Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA