David Lang wrote:
> In trying to figure out an LVS configuration to load balance firewalls I have
> gotten stuck with one problem.
>
> the scenario below is drastically simplified, I can go into more detail if people
> think it would help.
>
> inbound traffic to a box can arrive through either box B or box C (depending on
> factors outside this problem)
>
> B   C
>  \ /
>   A
>   |
>   D
>
> box A routes the traffic on to box D
>
> box D replies to the connection (sending the packets to box A)
>
> box A needs to figure out which box (B or C) the connection came through in the
> first place and use that as the gateway for the reply packets.
>
> the nearest thing I can think of to a solution would be for box A to remember
> the MAC address that started the connection and then use it as the gateway for
> reply packets that are part of that connection. I don't know how to do this
> (or even if it's possible)

Use CONNMARK to remember which connection came from which gateway, use the ROUTE target to correctly route the replies.

HTH,
M4
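
The approach in the reply above, spelled out as an added example that is not part of M4's message: a shell function that prints the mangle-table rules for box A, identifying the ingress gateway by source MAC as the question proposed. The interface names, MAC and IP values, mark numbers and the use of the PREROUTING chain are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for box A.
# Assumptions (not from the original mail): eth0 faces B and C, eth1 faces D,
# and the MAC/IP values below are constructed placeholders.
EXT_IF=eth0
INT_IF=eth1

# gen_rules "mark,mac,gateway-ip" ...
# One mark per upstream gateway. The mark is stored on the conntrack entry,
# so it is visible on packets of the same connection in both directions.
gen_rules() {
    for gw in "$@"; do
        mark=${gw%%,*}; rest=${gw#*,}
        mac=${rest%%,*}; ip=${rest#*,}
        # Mark 0 means "unmarked", so it cannot identify a gateway.
        case $mark in ''|0|*[!0-9]*) echo "bad mark: $mark" >&2; return 1;; esac
        # Refuse malformed input rather than emit a broken rule.
        echo "$mac" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' \
            || { echo "bad MAC: $mac" >&2; return 1; }
        echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
            || { echo "bad IP: $ip" >&2; return 1; }
        # 1. New connection arriving from this gateway's MAC: tag the connection.
        echo "iptables -t mangle -A PREROUTING -i $EXT_IF -m state --state NEW" \
             "-m mac --mac-source $mac -j CONNMARK --set-mark $mark"
        # 2. Reply from D on a connection carrying that tag: send it back
        #    through the same gateway (ROUTE is a patch-o-matic target).
        echo "iptables -t mangle -A PREROUTING -i $INT_IF" \
             "-m connmark --mark $mark -j ROUTE --gw $ip"
    done
}

# Constructed sample values for boxes B and C.
gen_rules "1,02:00:00:00:00:0b,192.0.2.2" "2,02:00:00:00:00:0c,192.0.2.3"
```

The script only prints the rules, so they can be reviewed before being loaded on box A. ROUTE was distributed through patch-o-matic rather than mainline kernels; where it is unavailable, the same connection marks can be copied onto packets with `CONNMARK --restore-mark` and matched by an `ip rule` `fwmark` selector.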