Problems with ICQ etc. on nano-setup

Linux Advanced Routing and Traffic Control


I administer a nano-setup on a dorm-network with a couple of hundred active users.

The setup uses 2 x 2 2Mb/s DSLs, meaning two DSLs from each of two different ISPs.

It works fine except for some minor glitches:

https-sites often kick users. This was solved by tying outbound https to a single DSL. Not the best solution, but it works so far that users don't get kicked from the sites anymore. Now they can put credits on the SIM-cards again ;-)

ICQ-logins are a pain, as it often takes several attempts (4-8 usually) to get connected to ICQ.
I've tested with the latest micq from a host on the LAN and it says "Connection refused (111)". The same behaviour goes for all other (reported) clients of all kinds on the LAN. At the same time ICQ works fine from other locations.


Now I'm wondering, and it is somewhat ICQ-specific: when one connects to ICQ one gets redirected to another server. Perhaps this redirect causes the connection to take another DSL on its way onto the Internet... and maybe the new source address causes the ICQ-server to drop the connection attempt due to the difference between the initial source address and the "second" source address.

Now, the simple way to solve this issue is to bind anything even remotely related to ICQ traffic to one single DSL, but I'd really like to solve this "The Proper Way".

Suggestion:
Can one "bind" traffic from one LAN-user to the same DSL, effective for, let's say, 10 minutes from the initial connection?
Can some magic with conntrack be put to use?



1. How can I find out what is causing this "glitch"?


This would be rather important since it could be the cause of other "irregularities" in the operation.


2. How is this solved?




A snippet from the /etc/sysctl.conf:

net.ipv4.route.max_size=32768
net.ipv4.route.gc_min_interval=5
net.ipv4.route.gc_interval=300

It's a 2.4.23-box and it does SNAT on all four DSLs.
It's pretty open from the inside towards the Internet.

--
Mvh. / Best regards,
Steen Suder		<http://www.suder.dk/>
ICQ UIN			4133803

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
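
Added example (not part of the original post): a small Python model of the hypothesis and of the "bind a LAN user to one DSL for 10 minutes" suggestion above. It assumes each new outbound connection independently picks one of four equally weighted uplinks, and that a login only succeeds when its two connections carry the same source address; the uplink names and LAN addresses are constructed.

```python
import random

UPLINKS = ["ispA-dsl1", "ispA-dsl2", "ispB-dsl1", "ispB-dsl2"]  # constructed names
STICKY_SECONDS = 600  # the "10 minutes" from the post


class StickyTable:
    """Bind a LAN host to one uplink for a fixed time after its first connection."""

    def __init__(self, rng, timeout=STICKY_SECONDS):
        self.rng, self.timeout, self.entries = rng, timeout, {}

    def pick(self, host, now):
        uplink, bound_at = self.entries.get(host, (None, 0.0))
        if uplink is None or now - bound_at > self.timeout:
            # No binding yet, or it expired: choose again and restart the timer.
            uplink = self.rng.choice(UPLINKS)
            self.entries[host] = (uplink, now)
        return uplink


def per_connection_pick(rng):
    """Assumed baseline: every connection chooses an uplink on its own."""
    return rng.choice(UPLINKS)


def simulate_logins(n_logins, sticky, seed=1):
    """Count logins whose initial and redirected connection used the same uplink."""
    rng = random.Random(seed)
    table = StickyTable(rng)
    same = 0
    for i in range(n_logins):
        host = f"10.0.0.{i % 200 + 1}"  # constructed LAN addresses
        t = i * 5.0                      # one login every 5 seconds
        if sticky:
            first = table.pick(host, t)
            second = table.pick(host, t + 1.0)  # redirect follows 1 s later
        else:
            first = per_connection_pick(rng)
            second = per_connection_pick(rng)
        same += first == second
    return same


if __name__ == "__main__":
    for mode in (False, True):
        kept = simulate_logins(4000, sticky=mode)
        print(f"sticky={mode}: {kept}/4000 logins kept one source address")
```

Under these assumptions roughly one login in four keeps a single source address without the binding, and every login does with it.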
