Since you are doing SNAT on all the dsl lines, I'd suggest using the -j SAME target available for netfilter.
http://netfilter.org/documentation/pomlist/pom-base.html#SAME
As I understand it, SAME cannot be used here since the "loadbalancing" in a nano-setup is done by the routing (multiple default gateways) and, thus, the traffic is already going out a particular interface when it reaches the POSTROUTING chain (where SAME lives).
Also, we have only one public IP on every WAN-if.
If I just could manipulate the routing in the kernel to tie new connections from a given LANuser to a specific WANif, at least for a brief period of time, I'd think the issue would be solved.
<SNIP problems with ICQ behind a nanosetup>
-- Mvh. / Best regards, Steen Suder <http://www.suder.dk/> ICQ UIN 4133803
_______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
