On Wednesday 09 April 2003 03:34 pm, Christian Cernuschi wrote:
> On Wednesday 09 April 2003 03:10 pm, dhiraj.2.bhuyan@xxxxxx wrote:
> > note one thing -
> >
> > when the client tries to connect to port 80 of x.y.z.1, the firewall in
> > x.y.z.1 redirects the traffic to x.y.z.2:80
> >
> > so the client will be receiving packets from x.y.z.2:80 - which is not
> > what it is expecting. It is waiting for packets from x.y.z.1:80 - so it
> > will no doubt timeout. You should be able to see the packets coming from
> > x.y.z.2:80 by running a sniffer on the client machine.
> >
> > I think Eric Joe did in fact give the right solution - that x.y.z.1 will
> > be working as a proxy between the client and x.y.z.2 - although you can
> > question if you are achieving your "loadbalancing" by this.
> exactly... it's the same conclusion I arrived at..

The solution (also for source address keeping) is to masquerade the destination machine under the first one!
The destination machine must not reside "under" the first. It can also be at the same level (read attached to the same switch) but needs to have the first machine as gateway. (so MASQ rules work)
Doing it this way, everything should work!!

Thank you again (I liked studying this...)

xchris
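
The two cases discussed in this thread, as a small packet-flow model (an added example, not part of the original messages): the reply either leaves x.y.z.2 directly, or returns through x.y.z.1 because that machine is the gateway. The client address 192.0.2.10, the source port 40000 and all class and function names are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace

CLIENT = "192.0.2.10"                  # constructed client address (assumption)
FIREWALL, BACKEND = "x.y.z.1", "x.y.z.2"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Firewall:
    """Models x.y.z.1: redirects port 80 to the backend and tracks each flow."""
    def __init__(self):
        self.conntrack = {}            # (client ip, client port) -> original destination

    def forward(self, pkt):
        # Destination is rewritten, the client's source address is kept.
        self.conntrack[(pkt.src, pkt.sport)] = (pkt.dst, pkt.dport)
        return replace(pkt, dst=BACKEND)

    def reverse(self, pkt):
        # A reply routed back through the firewall gets the original address restored.
        ip, port = self.conntrack[(pkt.dst, pkt.dport)]
        return replace(pkt, src=ip, sport=port)

def client_accepts(syn, reply):
    # The client only matches replies carrying the 4-tuple of the connection it opened.
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (syn.dst, syn.dport, syn.src, syn.sport)

def connect(backend_gateway_is_firewall):
    fw = Firewall()
    syn = Packet(CLIENT, 40000, FIREWALL, 80)
    seen = fw.forward(syn)                                   # what x.y.z.2 receives
    reply = Packet(seen.dst, seen.dport, seen.src, seen.sport)
    if backend_gateway_is_firewall:                          # return path via x.y.z.1
        reply = fw.reverse(reply)
    return {"backend_saw_source": seen.src,
            "reply_source": reply.src,
            "client_accepts": client_accepts(syn, reply)}

if __name__ == "__main__":
    print("direct reply:       ", connect(False))   # client drops it and times out
    print("reply via firewall: ", connect(True))    # connection completes
```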