Re: simple dual Internet connection setup not sending return packets on correct interface

Linux Advanced Routing and Traffic Control


"Brian J. Murrell" wrote:

I could be way off base here, but I (obviously) don't think so!
 
> On Thu, 2004-11-25 at 21:40 -0800, gypsy wrote:
> >
> > Guessing from the lack of any mention of KeepState
> 
> KeepState?  If you are referring to:
> 
> 52459 2774K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0        state RELATED,ESTABLISHED
> 
> rules, I have those sprinkled throughout my ruleset where necessary.
> The iptables "snippet" I included in my previous message was just that.
> Just the relevant portion that does the NATting.

No, I am referring to http://www.ssi.bg/~ja/nano.txt which is a MUST
READ for you, like it or not.

> > in your iptables
> > setup,
> 
> Like I said, the RELATED,ESTABLISHED state rules are in there.  My full
> set of iptables rules is >400.  I did not see a need to post that
> fully here.
> 
> >  my guess is that you ignored the advice to visit Julian
> > Anastasov's web site.
> 
> No I didn't ignore it.  But what that site is promoting is some kind of
> floppy disk based router distribution or something.
 
There is a lot of stuff on Julian's site, but I see nothing referring to
a floppy disk based router.  Use the nano.txt URL above. 

> > Start with this:
> > http://www.geocities.com/mctiew/ffw/dual.htm
> 
> I am not looking to replace/rebuild my whole firewall.  I simply want to
> add a second link to my existing one and have the packets use the
> correct interface -- to travel back out the interface from which they
> came.

That is not why I sent you there...
 
> I don't want to do load balancing or failover or anything fancy.  I want
> two interfaces where I use one for all outgoing traffic and the only
> time the alternate is used is to send response packets to connections
> that come _in_ that interface or for routes that are specifically
> directed through that interface via a routing table entry.

Yes, you DO want something fancy.
 
> > You should also google LARTC "Finally: A working case of two adsl load
> > balance".  Read Ron Senykoff's post "load balance a file download across
> > two connections - success!".
> 
> Interesting.  Followed a few links too.  Looks like a lot of bells and
> whistles I am not really looking for (load balancing and failover, etc.)
> but there is some hint of indication that there is a patch needed to
> make sure NAT uses the right physical interface.  Maybe I will go bug
> the netfilter guys to see if this is the case.

Perhaps you are not looking for bells and whistles, but you certainly
need correct routing tables.  Netfilter has nothing to do with what you
need except that which is contained in nano.txt.
 
> Thanx,
> b.

gypsy
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
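
Added example, not part of either poster's message: one way to build the per-uplink routing tables the reply above says are needed, using source-address policy routing with iproute2. It covers only replies sourced from the router's own addresses, not forwarded NAT traffic, for which the message points to nano.txt. Interface names, the RFC 5737 documentation addresses and table numbers 101/102 are assumptions.

```shell
#!/bin/sh
# Added example. Constructed values: eth0/eth1, RFC 5737 addresses, tables 101/102.

# uplink_rules IFACE LOCAL_IP NETWORK GATEWAY TABLE
# Prints the commands giving one uplink its own routing table, selected
# whenever a packet's source address is that uplink's local address.
uplink_rules() {
    [ "$#" -eq 5 ] || { echo "usage: uplink_rules IFACE IP NET GW TABLE" >&2; return 1; }
    ifc=$1; addr=$2; net=$3; gw=$4; tbl=$5
    echo "ip route add $net dev $ifc src $addr table $tbl"
    echo "ip route add default via $gw dev $ifc table $tbl"
    echo "ip rule add from $addr lookup $tbl"
}

# dual_uplink_plan: eth0 is the primary link, eth1 the alternate.
dual_uplink_plan() {
    uplink_rules eth0 192.0.2.10 192.0.2.0/24 192.0.2.1 101 || return 1
    uplink_rules eth1 198.51.100.10 198.51.100.0/24 198.51.100.1 102 || return 1
    # Main table: everything without a matching rule leaves via the primary link.
    echo "ip route replace default via 192.0.2.1 dev eth0"
}

# Dry run: print the plan for review; pipe it to sh as root to apply.
dual_uplink_plan
```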
