On Thu, 2004-11-25 at 21:40 -0800, gypsy wrote:
>
> Guessing from the lack of any mention of KeepState

KeepState? If you are referring to:

    52459 2774K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

rules, I have those sprinkled throughout my ruleset where necessary. The iptables "snippet" I included in my previous message was just that. Just the relevant portion that does the NATting.

> in your iptables
> setup,

Like I said, the RELATED,ESTABLISHED state rules are in there. My full set of iptables rules is >400. I did not see a need to post that fully here.

> my guess is that you ignored the advice to visit Julian
> Anastasov's web site.

No I didn't ignore it. But what that site is promoting is some kind of floppy disk based router distribution or something.

>
> Start with this:
> http://www.geocities.com/mctiew/ffw/dual.htm

I am not looking to replace/rebuild my whole firewall. I simply want to add a second link to my existing one and have the packets use the correct interface -- to travel back out the interface from which they came.

I don't want to do load balancing or failover or anything fancy. I want two interfaces where I use one for all outgoing traffic and the only time the alternate is used is to send response packets to connections that come _in_ that interface or for routes that are specifically directed through that interface via a routing table entry.

> You should also google LARTC "Finally: A working case of two adsl load
> balance". Read Ron Senykoff's post "load balance a file download across
> two connections - success!".

Interesting. Followed a few links too. Looks like a lot of bells and whistles I am not really looking for (load balancing and failover, etc.) but there is some hint of indication that there is a patch needed to make sure NAT uses the right physical interface.

Maybe I will go bug the netfilter guys to see if this is the case.

Thanx,
b.