On Wed, Oct 3, 2012 at 7:00 PM, Steve Clark <sclark@xxxxxxxxxxxxx> wrote: > On 10/03/2012 08:46 AM, Manish Kathuria wrote: > > I was under the impression that you are running a FTP server inside > and were facing problems with the incoming traffic for the same. If > you are primarily concerned with the outgoing traffic through two ISP > links, please follow the following steps: > > 1. Refer to http://www.ssi.bg/~ja/nano.txt for creating your rules. > 2. Recompile the kernel after applying Julian Anistov's routes patch > (the URL is there in the earlier messages). > 3. Make a script to check the status of the links and change the > default gateway accordingly. Let me know if you need a script. > 4. Make sure that your firewall (iptables) is stateful and allows > related and established connections and the NAT and connection > tracking modules (nf_conntrack, nf_conntrack_ftp, nf_nat and > nf_nat_ftp) are loaded. > > I have followed this approach at a number of places without any > problems related to FTP or other protocols. The only issue I faced was > that the patch failed for all the CentOS 5.x kernels I tried (perhaps > due to some conflict with an existing patch). But its working > perfectly for the kernels in CentOS 6 and 6.1. > > Thanks, > -- > Manish > > Hi Manish, > > Thanks for the response. > It is good to know there is a general solution. It is too bad that > the referenced patches were never merged into to main kernel tree, forcing > people > to have to build and maintain their own kernel. > > > -- > Stephen Clark In case you want to avoid compiling the kernel and are comfortable with FreeBSD, try pfSense, it also offers outbound load balancing and failover for multiple WAN links. -- Manish Kathuria _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos