Doing routing based on this:
http://lartc.org/howto/lartc.rpdb.multiple-links.html

Have done it for over a year. Tried a new 2.6.15 kernel. Firewall is based on debian sarge.

Most things work ok: dnat, snat, etc. Can simultaneously ssh in to an internal host via both isps with no problems.

At the moment the default route is via eth2.

root@fonroute:~# ip rule
0:      from all lookup local
200:    from all lookup 200
201:    from 216.170.136.0/24 lookup isp1
201:    from 24.196.120.28/30 lookup isp2
222:    from all lookup multi
32766:  from all lookup main
32767:  from all lookup default

root@fonroute:~# ip route list table 200
192.168.0.0/16 via 192.168.2.254 dev eth0

root@fonroute:~# ip route list table isp1
default via 216.170.136.1 dev eth1  proto static  src 216.170.136.82
prohibit default  proto static  metric 1

root@fonroute:~# ip route list table isp2
default via 24.196.120.29 dev eth2  proto static  src 24.196.120.30
prohibit default  proto static  metric 1

root@fonroute:~# ip route list table multi
default via 24.196.120.29 dev eth2  proto static

What always fails is: ssh into internal host via eth1. From there ssh or ping back to the original host.

One thing I have noticed is that there are far fewer connections in /proc/net/ip_conntrack, but the connections I was testing are listed.

Was holding off posting until I could describe it better but running out of time :-(

Sorry, I know this is not enough. I need to put it on another kernel soon but I can try on another firewall if anyone has any ideas to try.

Thanks

John

--
John McMonagle
IT Manager
Advocap Inc.

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc