Hello, On 28 Oct 2002, Vincent Jaussaud wrote: > My question is, if we ensure that EVERY packets, whatever path they use > to arrive, finally pass through a single peer doing NAT, is this suppose > to work around my TOS problem ? Sounds correct. The requirement is each packet from one connection to be NAT-ed only from one NAT router and to same masquerade address and port. The routing cache can not guarantee that. It can be done only from the patched masquerade. > What about the rp_filter kernel value ? Could it be a problem in such > setup ? The patches are designed to work with rp_filter enabled. You can safely use it, it is changed to work only with the defined paths. > Thanks again. > Vincent. Regards -- Julian Anastasov <ja@ssi.bg> _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/