Hello everybody.

I have a Linux box running 2.6.16 acting as our Squid proxy/firewall. It is connected to an HDSL link and to two cheaper ADSL lines. I'm using the nth match to split Squid connections (tcp/80 and tcp/443) between the two ADSL lines:

iptables -t nat -A POSTROUTING --protocol tcp -m multiport --dports 80,443 -m nth --every 2 --packet 0 -j SNAT --to-source first_adsl

iptables -t nat -A POSTROUTING --protocol tcp -m multiport --dports 80,443 -m nth --every 2 --packet 1 -j SNAT --to-source second_adsl

So far, so good. There are some problems with some SSL sites (home banking, for example): sessions time out after a few seconds, multiple login requests, etc. This is because of the two IP addresses.

Is there a way to tell iptables to use the same '--to-source IP' for a given destination host when the TCP port is 443?
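Added example, not part of the original post: a small Python model of the behaviour described above, showing that per-connection alternation presents both source addresses to the same HTTPS host, while a choice keyed on the destination does not. It assumes the nat table is consulted only for the first packet of each connection; `DstAffinitySnat` is a hypothetical policy for comparison, not an iptables option, and the destination addresses are constructed.

```python
import ipaddress
import zlib
from collections import defaultdict

# Placeholders taken from the post for the two ADSL source addresses.
UPLINKS = ["first_adsl", "second_adsl"]


class NthSnat:
    """Models the two nth rules: the choice alternates once per new
    connection (assumption: nat rules see only a connection's first packet)."""

    def __init__(self, every=2):
        self.every = every
        self.counter = 0

    def pick(self, dst_ip):
        src = UPLINKS[self.counter % self.every]
        self.counter += 1
        return src


class DstAffinitySnat:
    """Hypothetical policy: derive the source from a stable hash of the
    destination address, so one host always sees one source."""

    def pick(self, dst_ip):
        key = ipaddress.ip_address(dst_ip).packed
        return UPLINKS[zlib.crc32(key) % len(UPLINKS)]


def sources_seen(policy, connections):
    """Map each destination to the set of source addresses it observed."""
    seen = defaultdict(set)
    for dst in connections:
        seen[dst].add(policy.pick(dst))
    return dict(seen)


def split_destinations(policy, connections):
    """Destinations that saw more than one source (session-breaking)."""
    seen = sources_seen(policy, connections)
    return sorted(d for d, srcs in seen.items() if len(srcs) > 1)


# Constructed sample: new tcp/443 connections in arrival order.
CONNECTIONS = ["192.0.2.10", "198.51.100.7", "192.0.2.10",
               "192.0.2.10", "198.51.100.7", "192.0.2.10"]

if __name__ == "__main__":
    print("nth split:     ", split_destinations(NthSnat(), CONNECTIONS))
    print("affinity split:", split_destinations(DstAffinitySnat(), CONNECTIONS))
```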