You are using multiroute path, right? What is the output of ip route
show default (on the router, of course)?

On 9/20/05, Marco Berizzi <pupilla@xxxxxxxxxxx> wrote:
> Thanks for the reply Rob0.
>
> On Thursday 2005-September-15 04:59, Marco Berizzi wrote:
> >> My firewall script marks all the squid packets and I route them
>
> >You did not post your rules.
>
> This is not the real problem.
> The problem is the SNAT rule. It doesn't work as stated
> by man. How does it work? Per socket? Or per socket per host?
>
> iptables -t nat -I POSTROUTING -s HDSL_ip
> --protocol tcp -m multiport --dports SQUIDports
> -j SNAT --to first_adsl_ip --to second_adsl_ip
>
> This rule SNATs all packets created by this (squid) host, but
> every time I connect to the internet *always* the first_adsl_ip
> is chosen. My company LAN has about 150 PCs that connect to
> the internet by this proxy, so I don't understand why *every time*
> I open my browser and I connect to www.dnsstuff.com always the
> same IP is displayed. It isn't a cache problem because I reset them
> (both on squid and browser side).
>
> >> through the two adsl connections (I have patched the kernel
> >> with the equalize patch).
>
> > Which patch is this? I have used Julian Anastasov's patches
>
> Here is http://www.ussg.iu.edu/hypermail/linux/kernel/0203.2/1314.html
> However this is only for routing not for nat.