On Sun, 11 Jan 2004, Julian Anastasov wrote:

> - use CONNMARK or similar functionality to keep the connection
> bound to its path. As long as CONNMARK is not a standard feature
> there is no safe way to use multipath routes with MASQUERADE and
> SNAT in the latest kernels. Even before this change it was risky
> to rely on the routing cache to keep NAT connections bound to
> its path in the multipath route - the cache entries expire.

As the author of CONNMARK I certainly do not mind having this progress beyond patch-o-matic extras. While it was invented to solve a special-case issue, it has over the years found many additional and more general uses.

Today it is in use for

a) Multihomed setups of a shared network with limited routing tables

b) Reliable and easy to understand multipath+NAT routing.

c) Interception routing without NAT, routing specific TCP sessions (including RELATED and ICMP messages) a special path, usually for interception caching outside of the router without loss of addressing information.

and probably several other applications I do not know about or have simply forgotten.

Regards
Henrik
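
The binding discussed in this thread, sketched as an added example that is not part of either poster's message: each NATed connection is marked with the uplink its first packet left through, and later packets from the LAN are routed by that mark instead of by the multipath route or the routing cache. Interface names, gateway addresses, mark values and table numbers are constructed assumptions.

```shell
#!/bin/sh
# Added example: keep MASQUERADEd connections on the uplink picked by a
# multipath default route, using CONNMARK plus fwmark policy routing.
# Assumed (constructed) topology: eth0 = LAN, eth1/eth2 = uplinks;
# 192.0.2.1 and 198.51.100.1 are documentation-range gateways.
# Dry run by default: commands are printed. APPLY=1 (as root) executes them.
LAN_IF=eth0

emit() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# bind_uplink IFACE GATEWAY MARK TABLE
bind_uplink() {
    ifc=$1 gw=$2 mark=$3 table=$4
    # First packet of a connection leaving here: record the path in conntrack.
    emit iptables -t mangle -A POSTROUTING -o "$ifc" -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$mark"
    # A per-uplink table holding only this uplink's default route ...
    emit ip route add default via "$gw" dev "$ifc" table "$table"
    # ... selected for every packet that carries this uplink's mark.
    emit ip rule add fwmark "$mark" table "$table"
    emit iptables -t nat -A POSTROUTING -o "$ifc" -j MASQUERADE
}

connmark_multipath() {
    # Copy the connection mark onto packets before the routing decision.
    # Restricted to the LAN side: restoring it on replies arriving from an
    # uplink would send them into the per-uplink table, which has no LAN route.
    emit iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --restore-mark
    bind_uplink eth1 192.0.2.1 1 101
    bind_uplink eth2 198.51.100.1 2 102
    # Unmarked (new) connections still fall through to the multipath route.
    emit ip route add default scope global \
        nexthop via 192.0.2.1 dev eth1 weight 1 \
        nexthop via 198.51.100.1 dev eth2 weight 1
}

connmark_multipath
```
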