Since you are doing SNAT on all the DSL lines, I'd suggest using the -j SAME target available for netfilter.

http://netfilter.org/documentation/pomlist/pom-base.html#SAME

----- Original Message -----
From: "Steen Suder, privat" <steen@xxxxxxxx>
To: <lartc@xxxxxxxxxxxxxxx>
Sent: Sunday, December 14, 2003 6:57 PM
Subject: Problems with ICQ etc. on nano-setup

> I administer a nano-setup on a dorm network with a couple of hundred
> active users.
>
> The setup uses 2 x 2 2Mb/s DSLs, meaning two DSLs from each of two
> different ISPs.
>
> It works fine except for some minor glitches:
>
> https sites often kick users. This was solved by tying outbound https
> to a single DSL. Not the best solution, but it works so far that users
> don't get kicked from the sites anymore. Now they can put credits on the
> SIM cards again ;-)
>
> ICQ logins are a pain, as it often takes several attempts (4-8 usually) to
> get connected to ICQ.
> I've tested with the latest micq from a host on the LAN and it says
> "Connection refused (111)". The same behaviour goes for all other
> (reported) clients of all kinds on the LAN. At the same time ICQ works
> fine from other locations.
>
> Now I'm wondering, and it is somewhat ICQ-specific: when one connects to
> ICQ one gets redirected to another server. Perhaps this redirect causes
> the connection to take another DSL on its way onto the Internet... and
> maybe the new source address causes the ICQ server to drop the connection
> attempt due to the difference between the initial source address and the
> "second" source address.
>
> Now, the simple way to solve this issue is to bind anything even
> remotely related to ICQ traffic to one single DSL, but I'd really like to
> solve this "The Proper Way".
>
> Suggestion:
> Can one "bind" traffic from one LAN user to the same DSL, effective for,
> let's say, 10 minutes from the initial connection?
> Can some magic with conntrack be put to use?
>
>
> 1. How can I find out what is causing this "glitch"?
>
> This would be rather important since it could be the cause of other
> "irregularities" in the operation.
>
> 2. How is this solved?
>
>
> A snippet from the /etc/sysctl.conf:
>
> net.ipv4.route.max_size=32768
> net.ipv4.route.gc_min_interval=5
> net.ipv4.route.gc_interval=300
>
> It's a 2.4.23 box and it does SNAT on all four DSLs.
> It's pretty open from the inside towards the Internet.
>
> --
> Mvh. / Best regards,
> Steen Suder <http://www.suder.dk/>
> ICQ UIN 4133803
>
> _______________________________________________
> LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
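A small model of the address selection the -j SAME suggestion relies on, added here as an example that is not from the thread or from netfilter itself: it reproduces the SAME target's index computation (client source address, plus destination unless --nodst, modulo the pool size) over a constructed pool of four public addresses, and walks the ICQ login-then-redirect flow under Steen's hypothesis that the second server refuses a connection arriving from a different public address than the first. It goes one step beyond the reply by showing that without --nodst a redirect to a different server can still leave from a different address; all IP addresses and the client address are constructed.

```python
import ipaddress
import itertools

# Constructed pool: the public addresses of the four DSL lines, as they would
# appear in "-j SAME --to 203.0.113.1-203.0.113.4" (hypothetical addresses).
NAT_POOL = ["203.0.113.1", "203.0.113.2", "203.0.113.3", "203.0.113.4"]

# Constructed ICQ addresses: the login server and the server it redirects to.
LOGIN_SERVER = "198.51.100.10"
REDIRECT_SERVER = "198.51.100.20"


def same_select(pool, src, dst, nodst=False):
    """Mirror of ipt_SAME's choice: (src [+ dst]) mod pool size.

    By default the destination is part of the key, so one client can still
    get different public addresses for different servers; --nodst keys on
    the client's address alone."""
    key = int(ipaddress.IPv4Address(src))
    if not nodst:
        key += int(ipaddress.IPv4Address(dst))
    return pool[key % len(pool)]


def per_flow_select(pool, counter):
    """Naive per-connection choice (a plain SNAT over a range, or per-flow
    multipath routing): each new connection may leave via another address."""
    return pool[next(counter) % len(pool)]


def icq_login(pick_addr):
    """Log in to LOGIN_SERVER, then follow the redirect to REDIRECT_SERVER.

    pick_addr(dst) returns the public address a new connection to dst gets.
    Per the thread's hypothesis, the redirect only succeeds when it arrives
    from the same public address as the login. Returns (ok, first, second)."""
    first = pick_addr(LOGIN_SERVER)
    second = pick_addr(REDIRECT_SERVER)
    return first == second, first, second


def run_scenarios(client="10.0.0.7"):
    """Compare the three mappings for one LAN client; returns {name: result}."""
    counter = itertools.count()
    return {
        "per_flow": icq_login(lambda dst: per_flow_select(NAT_POOL, counter)),
        "same": icq_login(lambda dst: same_select(NAT_POOL, client, dst)),
        "same_nodst": icq_login(
            lambda dst: same_select(NAT_POOL, client, dst, nodst=True)),
    }


if __name__ == "__main__":
    for name, (ok, a, b) in run_scenarios().items():
        print(f"{name:11s} login from {a}, redirect from {b}: "
              f"{'ok' if ok else 'refused'}")
```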