Luciano Ruete wrote:
> You need to use iptables CONNMARK to keep track of "which conn" with "which
> ISP", see this[1] thread for reference and a nano HOWTO.
>
> [1]http://mailman.ds9a.nl/pipermail/lartc/2006q2/018964.html

Thanks for the hint; however, the real setup is a little different and AFAIK the connmark approach doesn't help.

This Linux box has three IP addresses: 1 for the main internet link (hdsl_ip) plus 2 others for the two adsl connections (all bound to eth0).

The box's default gateway is the hdsl ISP router. This is used for ipsec tunnels (driven by swan), and other 'serious' traffic:

    /sbin/route add default gw hdsl_router metric 1

Then there is the route for the two adsl links, which are used for internet surfing traffic:

    ip route add default equalize table adsl \
        nexthop dev eth0 via adsl_router_A weight 1 \
        nexthop dev eth0 via adsl_router_B weight 1

    ip rule add fwmark 1 table adsl priority 400

    $IPTABLES -t mangle -A OUTPUT --protocol tcp -m multiport --dports 80,443 -j MARK --set-mark 1

Squid is running on top of this same box. What I'm trying to do is to split the browsing traffic (that generated by squid) across the two adsl lines.

The problem is the source IP of the packets sent by squid, which is taken from the default route, so I must NAT these packets with these rules:

    $IPTABLES -t nat -A POSTROUTING -s hdsl_ip --protocol tcp -m multiport --dports 80,443 -m statistic --mode nth --every 2 -j SNAT --to adsl_A

    $IPTABLES -t nat -A POSTROUTING -s hdsl_ip --protocol tcp -m multiport --dports 80,443 -j SNAT --to adsl_B