Hello, my name is Denny. I am new to this list.

I am trying to use multiple uplinks as described in the LARTC documentation (http://lartc.org/howto/lartc.rpdb.multiple-links.html) with a Squid transparent proxy on my gateway server.

Let me draw the configuration:

               /-----------------
-----DSL1-----|                  \
              |Transparent proxy |----Local network
-----DSL2-----|                  /
               \-----------------

IP DSL1       : 172.17.1.2/30
IP DSL2       : 172.18.1.2/30
IP eth1(DSL1) : 172.17.1.1/30
IP eth2(DSL2) : 172.18.1.1/30
Local network : 10.14.1.0/24

Each DSL link's rate is 384 kbps downlink and 128 kbps uplink.

My ip route setting:
------------
ip route add equalize scope global \
    nexthop via 172.17.1.2 dev eth1 weight 1 \
    nexthop via 172.18.1.2 dev eth2 weight 1
------------

My iptables setting:
------------
# proxy redirect
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128

# postrouting
iptables -t nat -A POSTROUTING -j SNAT -o eth1 --to-source 172.17.1.1
iptables -t nat -A POSTROUTING -j SNAT -o eth2 --to-source 172.18.1.1
------------

Squid config:
------------
visible_hostname my_isp.net
icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cache_mem 512 MB
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
cache_dir ufs /cache 6000 14 256
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 10.14.1.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow localhost
http_access allow localnet
http_access allow manager localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
cache_mgr cache-me
cache_effective_user squid
cache_effective_group squid
logfile_rotate 0
log_icp_queries off
buffered_logs on
half_closed_clients off
maximum_object_size 2048 KB
------------

All of the configuration works. I can browse most websites. But I have another problem when implementing this multiple uplinks method:

1. Messenger tools like YM will disconnect and try to reconnect every 3-5 minutes. It always happens.
2. HTTPS for Hotmail/MSN always gives an error. "The connection was reset" always appears in Mozilla Firefox. But it never happens with Yahoo Mail and Gmail (HTTPS).
3. MSN Messenger never connects successfully.

None of these problems happened when I used conventional routing with only one gateway.

After searching for articles on the Internet, I am trying to mark each connection for MSN Messenger to go via only one gateway. This is my solution using iptables:
----------
iptables -t mangle -A PREROUTING -p tcp --dport 443 -j MARK --set-mark 0x10
iptables -t mangle -A PREROUTING -p tcp --dport 1863:1864 -j MARK --set-mark 0x10
iptables -t nat -A POSTROUTING -m mark --mark 0x10 -j SNAT -o eth1 --to-source 172.17.1.2
----------

It works!! My MSN Messenger is able to connect now, but it always disconnects every 3-5 minutes.

I tried to fix my YM problem the same way. I tried to mark the YM port and postroute the traffic to eth1, but it does not solve my problem. YM always connects/disconnects every 5 minutes (problem number 1).

Another problem: why does MSN/Hotmail webmail always refuse my connection? (problem number 2)

Maybe somebody has an idea how to solve this problem? I feel I will give up soon... :(

Thanks a lot for your information and help.. :)

Best regards,
Denny Zulfikar
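
The pinning approach described in the message above (mark selected ports and send the marked traffic out through one uplink), written out with fwmark policy routing as an added example; it is not part of the original post. Interfaces and addresses are the ones given in the message; routing table id 201 and the function names `run` and `pin_ports` are assumptions. It prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: pin selected TCP ports to one uplink with fwmark policy routing.
# Table id 201 and the function names are assumptions, not from the post.
# Default is a dry run that prints each command; APPLY=1 executes them (root).

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# pin_ports DEV GATEWAY SNAT_SRC MARK TABLE PORT...
pin_ports() {
    [ "$#" -ge 6 ] || {
        echo "usage: pin_ports dev gw src mark table port..." >&2
        return 2
    }
    dev=$1 gw=$2 src=$3 mark=$4 table=$5
    shift 5

    # Dedicated routing table holding only a default route via the chosen uplink.
    run ip route add default via "$gw" dev "$dev" table "$table"

    # Marked packets consult that table instead of the multipath default route.
    run ip rule add fwmark "$mark" table "$table"

    for port in "$@"; do
        # mangle/PREROUTING runs before the routing decision for forwarded
        # traffic, so a mark set here is visible to the fwmark rule above.
        run iptables -t mangle -A PREROUTING -p tcp --dport "$port" \
            -j MARK --set-mark "$mark"
    done

    # SNAT to the gateway's own address on that uplink so replies return to it.
    run iptables -t nat -A POSTROUTING -o "$dev" -m mark --mark "$mark" \
        -j SNAT --to-source "$src"
}

# eth1 uplink from the post: modem 172.17.1.2, gateway address 172.17.1.1.
pin_ports eth1 172.17.1.2 172.17.1.1 0x10 201 443 1863:1864
```

Without the `ip rule` and per-table default route, the mark alone does not influence which uplink the kernel chooses.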