This is not a problem with Linux; it is a simple fact of IP/TCP and applications.

A workaround is to put the IP into an ipt_recent list, then SNAT all that traffic the one way for a given time.

There was an ipt_helper for MSN but I don't know where it is in development.

I use the route target in iptables rather than ip (sorry guys, but you can just do so much funky stuff with it).

So just to recap on my suggestion: find the MSN traffic, e.g. whatever port it uses for session initiation, then put that IP into an ipt_recent list. Then check that list before you SNAT. This will SNAT all the traffic from that IP to one interface for a certain amount of time that you set, e.g. if it has not seen the packet within 600 secs, clear it from the list.

I use this for VoIP to multiple SNAT targets.

On Mon, 2005-11-14 at 00:51 +0800, ro0ot wrote:
> I have this in /etc/iproute2/rt_tables as below: -
>
> 216 https.out
> 219 msn.out
>
> And, I have the below in my custom script: -
>
> $IPTABLES -t nat -A POSTROUTING -o eth3 -j SNAT --to-source 1.2.3.4
> $IPTABLES -t nat -A POSTROUTING -o eth4 -j SNAT --to-source 5.6.7.8
>
> $IPTABLES -t mangle -A PREROUTING -i eth1 -p tcp --dport 443 -j MARK --set-mark 16
> $IPTABLES -t mangle -A PREROUTING -i eth1 -p tcp --dport 1863 -j MARK --set-mark 19
>
> ip rule add fwmark 16 table https.out
> ip rule add fwmark 19 table msn.out
>
> ip route add default via 1.2.3.4 dev eth3 table https.out
> ip route add default via 1.2.3.4 dev eth3 table msn.out
>
> But, still I am facing complaints...
>
> Edmundo Carmona wrote:
>
> >We have exactly the same problem in our load-balancing proxy.
> >
> >Remember that if you are load-balancing, traffic eventually will come
> >out through another network interface... and hence, another source IP.
> >
> >The problem must be that the MSN service gets "confused" when he sees
> >that the one session has changed source IPs... or maybe it's an IP
> >stack problem and not related to the MSN specifically. Anybody can
> >provide some more feedback on this? The IP session layer is supposed
> >to keep sessions across changing IPs?
> >
> >Our "solution" was to tell the MSN clients to use a proxy server that
> >has a single internet connection (separate from our main proxy server,
> >which is the one loadbalancing).
> >
> >On 11/13/05, ro0ot <ro0ot@xxxxxxxxxxxx> wrote:
> >
> >>Hi,
> >>
> >>I have my gateway with load balancing traffic going out over two
> >>providers. Web browsing is fine...working great.
> >>
> >>But, my clients (office staff) complain that MSN keeps disconnecting
> >>(in 5 mins). Why?
> >>
> >>Please help me...
> >>
> >>Regards,
> >>ro0ot
> >>
> >>_______________________________________________
> >>LARTC mailing list
> >>LARTC@xxxxxxxxxxxxxxx
> >>http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
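
Added example, not part of the original thread: one way to express the ipt_recent suggestion above, assuming the fwmark 19 / msn.out policy routing from the quoted script is used in place of the ROUTE target. The list name msn_sticky is hypothetical; the interface, port, mark and 600-second window come from the thread.

```shell
#!/bin/sh
# Added example: pin a LAN host to one uplink while it is using MSN,
# via the iptables "recent" match. Dry-run by default (commands are
# printed); run as root with RUN= (empty) to apply them.
RUN="${RUN-echo}"
IPTABLES="${IPTABLES:-iptables}"

LAN_IF="eth1"       # LAN-facing interface, from the quoted script
MSN_PORT="1863"     # MSN session port, from the quoted script
MSN_MARK="19"       # fwmark already bound to table msn.out in the thread
LIST="msn_sticky"   # hypothetical name for the recent list
STICKY_SECS="600"   # window suggested in the reply

sticky_msn_rules() {
    # 1. Each packet a LAN host sends to the MSN port (re)stamps its
    #    source address in the list. There is no -j target: the rule
    #    exists only for the side effect of the match.
    $RUN "$IPTABLES" -t mangle -A PREROUTING -i "$LAN_IF" -p tcp \
        --dport "$MSN_PORT" -m recent --name "$LIST" --set

    # 2. Any packet, on any port, from a host stamped within the last
    #    STICKY_SECS seconds gets the MSN mark, so "ip rule add fwmark 19
    #    table msn.out" routes it out of one interface and the matching
    #    POSTROUTING SNAT rule gives it one stable source address.
    #    Stale entries simply stop matching; nothing has to delete them.
    $RUN "$IPTABLES" -t mangle -A PREROUTING -i "$LAN_IF" \
        -m recent --name "$LIST" --rcheck --seconds "$STICKY_SECS" \
        -j MARK --set-mark "$MSN_MARK"
}

sticky_msn_rules
```

Append these after the existing MARK rules so the sticky mark is the last one set in mangle PREROUTING.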