On Tue, 2006-03-28 at 11:27 +0200, sAwAr wrote:
> > That's your problem. The Linux box with multiple gateways needs nat. At
> > least that was a requirement back in the day. Pretty sure nothing has
> > changed there. Part of what Julian's patches address as well.
> >
> > When I had a setup like yours, I did two rounds of NAT/PAT: once in each
> > of the routers, then again in the Linux router for the multiple gateway
> > thing to work.
> >
> > Try doing nat in your Linux box as well, and you should see some better
> > results.
> >
> Yes, I've tried it. I did it by
> -A POSTROUTING -s 192.168.200.10 -o eth0 -j SNAT --to-source 80.48.56.70
> -A POSTROUTING -s 80.48.56.70 -o eth1 -j SNAT --to-source 192.168.200.10
>
> And it was working; at least the connections with a bad src IP were NATed
> and they weren't dropped by the ISP routers due to the wrong src IP. It was
> happening when, for example, the router with IP 80.48.56.65 received a
> packet from 192.168.200.10. The NAT really helped. However, with this
> solution my connections are NATed and won't be able to make direct
> connections, i.e. p2p, will I?

Sure you can, you just need to set up PAT via DNAT, along with SNAT. You're
doing translation from the inside out; for P2P or serving stuff, you need to
have translation from the outside in as well.

> But why is this happening? In my opinion there is still some bug because
> the gw should change in each "hop" like the src address is changing.

Well, the request goes back out the interface it came in, if the request was
initiated from the outside. If it's initiated from the inside and there is
nothing in the cache, then each time it tries to send something out from the
inside, it should use a different gateway. However, if it sends a request out
one interface and that route is cached, it might send out a few more until
the cache expires. Then it will switch to the other interface.

> NAT only fixes the wrong src address but does not resolve this problem... or
> maybe this is normal behaviour of load-balancing?
> I don't think so...
>

It really is by design, since if someone on the remote end is expecting a
response from one IP, responding from another is no good. If I understood the
problem correctly.

--
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
http://www.obsidian-studios.com
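
The outside-in translation described in the reply above, as an added example that is not part of the original message: a shell function that emits an iptables-restore nat fragment pairing one DNAT rule per forwarded port with the SNAT rule quoted in the thread. The function name gen_nat_rules and the port numbers are assumptions; the addresses and eth0 are the ones from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore "nat" fragment
# that pairs outside-in DNAT rules with the inside-out SNAT rule.
# Usage: gen_nat_rules INSIDE_IP PUBLIC_IP WAN_IF PROTO/PORT [PROTO/PORT ...]
gen_nat_rules() {
    [ "$#" -ge 4 ] || { echo "usage: gen_nat_rules inside public wan_if proto/port..." >&2; return 2; }
    inside=$1 public=$2 wan=$3
    shift 3

    # Validate every forward before printing anything, so a bad spec
    # never yields a half-written rule set.
    for spec in "$@"; do
        proto=${spec%%/*}
        port=${spec#*/}
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol in '$spec'" >&2; return 1 ;;
        esac
        case $port in
            ''|*[!0-9]*|??????*) echo "bad port in '$spec'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$spec'" >&2; return 1
        fi
    done

    echo "*nat"
    # Outside in: connections arriving for the public address are handed
    # to the inside host on the same port (PAT via DNAT).
    for spec in "$@"; do
        proto=${spec%%/*}
        port=${spec#*/}
        echo "-A PREROUTING -i $wan -d $public -p $proto --dport $port -j DNAT --to-destination $inside:$port"
    done
    # Inside out: the SNAT rule already used in the thread.
    echo "-A POSTROUTING -s $inside -o $wan -j SNAT --to-source $public"
    echo "COMMIT"
}

# Constructed sample: addresses and eth0 are from the thread, ports are made up.
gen_nat_rules 192.168.200.10 80.48.56.70 eth0 tcp/6881 udp/6881
```

The output is in the same -A rule format the thread uses and can be reviewed before being fed to iptables-restore.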