On Thu, Feb 07, 2002 at 02:31:00PM -0800, Richardson, Robert wrote: > With the configuration below it is possible to do load-balancing, > both in and out, but it is not possible to secure shell to the > box. If the "ip rule" lines are commented out, login is possible, > but no outbound load balancing. Please be more precise. What happens when connecting via ssh? Run ssh -v. Do you get a timeout? Do you get a connection reset by peer? At which line does it stop working. My glass ball is running overtime on this list. Can you run tcpdump on all interfaces on your Compaq while you try to login? > OUR CONFIGURATION: > ip route add 206.17.228.231 dev eth1 > ip route add 206.17.228.232 dev eth2 > ip route add 206.17.228.230 dev eth0 > /sbin/route del default 2> /dev/null > /sbin/ip route add default equalize nexthop via 206.17.228.2 dev eth1 > nexthop via 206.17.228.2 dev eth2 I suggest you remove the generic default route - you've covered all possibilities in other tables - unless there are more IP addresses on your machine. In that case, the problem is that ssh changes its TOS halfway during connecting, causing packets that previously went out over, say eth0, to suddenly go out over eth1, which may upset your local routing. Try ssh-ing to one of the addresses for which a table exists. Anyway, do the measurements. This setup is supposed to work just fine. Regards, bert -- http://www.PowerDNS.com Versatile DNS Software & Services http://www.tk the dot in .tk Netherlabs BV / Rent-a-Nerd.nl - Nerd Available - Linux Advanced Routing & Traffic Control: http://ds9a.nl/lartc
