On Monday 11 December 2006 08:15, Marco Berizzi wrote:
> Hello everybody.
> I'm running linux 2.6.19 with nth match to
> alternatively snat outgoing connections to
> two different ip addresses for load balancing
> between two adsl lines:
> Here is:
>
> $IPTABLES -t nat -A POSTROUTING -s my_ip --protocol tcp -m multiport --dports 80,443 -m statistic --mode nth --every 2 -j SNAT --to adslA
> $IPTABLES -t nat -A POSTROUTING -s my_ip --protocol tcp -m multiport --dports 80,443 -j SNAT --to adslB
>
> Things are working pretty good, but some
> applications (https home banking for example),
> don't work correctly (because the remote
> server sees two different ip addresses). Is
> there any trick to tell iptables to snat
> always with the same source ip for the same
> destination host? I have also modified SNAT
> with SAME, but no luck.

You need to use iptables CONNMARK to keep track of "which conn" with "which ISP", see this[1] thread for reference and a nano HOWTO.

[1] http://mailman.ds9a.nl/pipermail/lartc/2006q2/018964.html

--
Luciano
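The CONNMARK approach the reply points to, written out as an added example that is not from the thread or the linked HOWTO. It assumes `my_ip` is a LAN host forwarded by this box, uses documentation addresses as placeholders, and assumes routing tables 101 and 102 (hypothetical numbers) already hold a default route via line A and line B. It pins every packet of one connection to one line and one source address; separate connections to the same server can still receive different marks.

```shell
#!/bin/sh
# Added example, not from the thread. Placeholders (assumptions): the
# addresses are documentation ranges; tables 101/102 must already contain
# a default route via the matching ADSL gateway.
IPTABLES=${IPTABLES:-iptables}
IP=${IP:-ip}
MY_IP=${MY_IP:-192.0.2.10}       # LAN host whose web traffic is balanced
ADSL_A=${ADSL_A:-198.51.100.1}   # public address of line A
ADSL_B=${ADSL_B:-203.0.113.1}    # public address of line B

apply_rules() {
    web="-s $MY_IP -p tcp -m multiport --dports 80,443"
    new="-m conntrack --ctstate NEW -m mark --mark 0"

    # 1. Copy the connection's saved mark onto each outgoing packet.
    #    Limited to traffic from MY_IP so replies are not policy-routed.
    $IPTABLES -t mangle -A PREROUTING $web -j CONNMARK --restore-mark
    # 2. Unmarked new connections: every 2nd gets mark 1, the rest mark 2.
    $IPTABLES -t mangle -A PREROUTING $web $new \
        -m statistic --mode nth --every 2 --packet 0 -j MARK --set-mark 1
    $IPTABLES -t mangle -A PREROUTING $web $new -j MARK --set-mark 2
    # 3. Store the choice on the conntrack entry for later packets.
    $IPTABLES -t mangle -A PREROUTING $web -m mark ! --mark 0 \
        -j CONNMARK --save-mark
    # 4. Route by mark so the packet leaves on the line whose address it gets.
    $IP rule add fwmark 1 table 101
    $IP rule add fwmark 2 table 102
    # 5. SNAT follows the mark, so source address and route always agree.
    $IPTABLES -t nat -A POSTROUTING -m mark --mark 1 -j SNAT --to-source "$ADSL_A"
    $IPTABLES -t nat -A POSTROUTING -m mark --mark 2 -j SNAT --to-source "$ADSL_B"
}

# Apply only when asked: sh thisfile apply (as root).
if [ "${1:-}" = apply ]; then apply_rules; fi
```

Setting `IPTABLES=echo IP=echo` before calling `apply_rules` prints the commands instead of running them, which is a convenient way to review the ruleset first.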