snat to multiple source ip

Thanks for the reply Rob0.

On Thursday 2005-September-15 04:59, Marco Berizzi wrote:
>> My firewall script marks all the squid packets and I route them

>You did not post your rules.

This is not the real problem.
The problem is the SNAT rule. It doesn't work as stated
by man. How does it work? Per socket? Or per socket per host?

iptables -t nat -I POSTROUTING -s HDSL_ip \
  --protocol tcp -m multiport --dports SQUIDports \
  -j SNAT --to first_adsl_ip --to second_adsl_ip

This rule SNATs all packets created by this (squid) host, but
every time I connect to the internet *always* the first_adsl_ip
is chosen. My company LAN has about 150 PCs that connect to
the internet through this proxy, so I don't understand why *every time*
I open my browser and connect to www.dnsstuff.com always the
same IP is displayed. It isn't a cache problem because I reset them
(both on squid and browser side).

>> through the two adsl connections (I have patched the kernel
>> with the equalize patch).

> Which patch is this? I have used Julian Anastasov's patches

Here it is: http://www.ussg.iu.edu/hypermail/linux/kernel/0203.2/1314.html
However, this is only for routing, not for NAT.



