El jue, 10-05-2007 a las 16:01 +0800, Salim S I escribió: Hi Salim, Thanks for your reply, > On closer look, I am wrong about shorewall. It seems to be a different > approach to load balancing. They connmark the incoming packets from > WAN, rather than outgoing packets. I think it should work well, but I > wonder why this approach is not popular. There must be some drawback > to it. I can’t think of one,though. I think the main advantage of shorewall solution is that it applies connmark to incoming packets from the wan as you point, leaving load balancing to outgoing connections to the main table. In any case, with this second solution I don't see wrong routed packages on wan interfaces using tcpdump, whereas with the first solution I do. More testing is required. Regarding to your previous reply, can you elaborate more on "...This approach will work, but you need some sort of stateful-ness in netfilter..." Cheers! -- Francis Brosnan Blazquez <francis@xxxxxxx> Advanced Software Production Line, S.L. _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
