Kirk,

On Tue, 2006-03-28 at 10:46 -0500, Kirk Reiser wrote:
> "William L. Thomson Jr." <wlt@xxxxxxxxxxxxxxxxxxxx> writes:
>
> > Something is not set up correctly then. Outgoing packets should use the
> > same interface as incoming packets either SNAT or DNAT. If it is not,
> > then that's because rules and tables are not set up properly.
>
> Well, would this interface tracking be something provided by Julian
> Andresson's patches?

YES, that is exactly what provides it. Julian's patches with no NAT, no go. NAT with no patches, no go ;) It's his patches with the NATting that allow for proper lookup and route back out the proper interface.

> I haven't applied those yet because up until now
> I didn't think they applied to my situation. I don't know how
> differently I could set up the DNAT'ing than what I am doing but it
> sure isn't interface tracking currently.

Nope, leave DNAT'ing alone. Just look into patching a kernel and booting it. Then see what you get. I would imagine the results you want, if you have all the rules set up properly.

> > Sure that's a nasty way of load balancing. Which will cause multiple
> > problems. Since you can't flush the client's cache easily and they will
> > still have a route in their cache to the first interface/isp. Despite
> > the response coming from the other.
>
> Oh yes. It really screws up udp connections because the various
> packets go out different interfaces when nexthopping.

I have seen that and came across it during my painful trial and error as I was trying to get load balancing working.

--
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
http://www.obsidian-studios.com

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc