> > I seem to have some problems with this. I am not sure if it would fall under
> > firewall but since netfilter is involved I will try anyway.
> >
> > The current problem I am having is there are 2 internet connections. Either
> > 1 or the other internet connection will work fine.
> >
> > However I am trying to use both at the same time. I was doing it in the
> > following way.
> >
> > Conn1: is normally on ppp0
>
> "Normally" ? :-D

Yes normally. As in there are other interfaces that create ppp interfaces.
pptp client in this case.

> > Conn2: is on eth1
> > Local: is on eth0
> >
> > Both ppp0 and eth1 are connected using different ISPs
> > And I was hoping to do a load balance with them as well as have some
> > redundancy.
> >
> > However NAT is performed on both of these interfaces because eth0 is built of
> > private addresses. I can get the multipath routes to work and NAT does
> > occur but then packets with the wrong source address go out the wrong
> > interface. Eg Packets with source address of ppp0 go out eth1 etc..
>
> What is your exact NAT and routing setup ?
>
> > Currently I am separating this using a command like
> > ip rule add from <ppp0 ip address> lookup Conn1
> > ip rule add from <eth1 ip address> lookup Conn2
> >
> > But this doesn't seem to make any difference to the packets after NAT is
> > performed on them.
>
> You must be aware that source NAT (SNAT) or masquerading (MASQUERADE)
> are performed by iptables in the POSTROUTING chain, that is *after* the
> routing phase. So it does not influence routing which sees only original
> source addresses. You can have a quick overview of an IP packet path
> through Netfilter and IP routing in Linux 2.4 on this page :
> http://www.plouf.fr.eu.org/bazar/netfilter/schema_netfilter.txt

This looks like what is happening. Is there a way to do NAT before the
POSTROUTING chain? Or is there a way to force it to recalculate the route
after the address translation takes place?

> By the way, did you check that reverse path filtering is disabled in the
> kernel settings for both external interfaces, since it is incompatible
> with multihoming ?

If you mean the rp_filter option in /proc/sys/net then yes this is turned off.

James

