Re: Round Robin Load Balancing

Hi guys, 

I think I sent this message twice by mistake; very sorry about that. This is the email you
want to read, please discard the first email.

And sorry about this late response; I've been playing with the kernel during this time.
Well, I tested the CONNMARK option (the rules I tested are below) for the round robin, but
I still get the same problem: my browser just doesn't load any webpage and eventually
times out.

I hacked into the iptables modules: ipt_MASQUERADE and ip_tables and I put some "printk"s
to see what was happening. The "printk"s in the ip_tables module show that the ppp links
are chosen in a round robin fashion, which is very good.

The rules I'm showing below use

"-j SNAT --to-source <ppp0-ip-addr>" 

in the NAT table. I however used  

"-j MASQUERADE" 

instead because I believe these two jumps are equivalent and because I put some prints in
the ipt_MASQUERADE module. (However, if I'm wrong please correct me.) Well, the prints from
the MASQUERADE module don't show anything, which means that the packets are never being
masqueraded.

So my browser is timing out because the packets, if they are sent at all, are not
being masqueraded, so they don't know how to return.

The CONNMARK rules work fine for the round robin but packets are not masqueraded. I need
to somehow connect these two sets of rules or to force the masquerading somehow. I think
iptables is getting mixed up with all these rules and it doesn't know how to handle them.

Any ideas or suggestions? All are very welcome.
Thanks to all of you guys...
Cheers
Xavier

PS: Here are the last rules that I tested:
 
> iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source <ppp0-ip-addr>
> iptables -t nat -A POSTROUTING -o ppp1 -j SNAT --to-source <ppp1-ip-addr>
> iptables -t nat -A POSTROUTING -o ppp2 -j SNAT --to-source <ppp2-ip-addr>
> iptables -t nat -A POSTROUTING -o ppp3 -j SNAT --to-source <ppp3-ip-addr>
> 
> iptables -t mangle -A PREROUTING -m nth --every 4 --packet 1 -m state --state new -j CONNMARK --set-mark 1
> iptables -t mangle -A PREROUTING -m nth --every 4 --packet 2 -m state --state new -j CONNMARK --set-mark 2
> iptables -t mangle -A PREROUTING -m nth --every 4 --packet 3 -m state --state new -j CONNMARK --set-mark 3
> iptables -t mangle -A PREROUTING -m nth --every 4 --packet 0 -m state --state new -j CONNMARK --set-mark 4
> 
> iptables -t mangle -A OUTPUT     -m nth --every 4 --packet 1 -m state --state new -j CONNMARK --set-mark 1
> iptables -t mangle -A OUTPUT     -m nth --every 4 --packet 2 -m state --state new -j CONNMARK --set-mark 2
> iptables -t mangle -A OUTPUT     -m nth --every 4 --packet 3 -m state --state new -j CONNMARK --set-mark 3
> iptables -t mangle -A OUTPUT     -m nth --every 4 --packet 0 -m state --state new -j CONNMARK --set-mark 4
> 
> iptables -t mangle -A POSTROUTING -m connmark --mark 1 -j ROUTE --oif ppp1
> iptables -t mangle -A POSTROUTING -m connmark --mark 2 -j ROUTE --oif ppp2
> iptables -t mangle -A POSTROUTING -m connmark --mark 3 -j ROUTE --oif ppp3
> iptables -t mangle -A POSTROUTING -m connmark --mark 4 -j ROUTE --oif ppp0
> 
> Haven't had the chance to test it, though.
> 
> Ramin
> 

