> I see. My gateway establishes PPP links in random order too, so I cannot
> rely on predictable interface names to set up routes and iptables rules.

At the minute I have a set of scripts taking care of this from ip-up / ip-down. It seems the only sane way to do it.

> > This looks like what is happening. Is there a way to do nat before the
> > POSTROUTING chain ? Or is there a way to force it to recalculate the route
> > after the address translation takes place ?
>
> If you mean source NAT, the short answer is no. As you can see in the
> map, source NAT can only take place in the POSTROUTING chain, and
> rerouting can only occur on locally generated packets after destination
> NAT and/or mangling in the OUTPUT chain.
>
> So you have to decide at routing time what the output interface will be.
> Later, it is too late. I cannot be more precise without knowing your
> routing policy. Then you can do source NAT based on the output interface
> in the POSTROUTING chain.

I don't yet really have a routing policy as such. It's kind of open for anything. But the ideal way for this to work would be for any outbound tcp / udp to use either connection on a ratio basis, initially 50 / 50 to make things simple.

I have been able to get it to work off certain IP addresses by selecting the route by source IP address before the port routing table. But I cannot get it to work for all connections.

I was possibly thinking of a way to do this by using a dummy interface and setting it to be the default route, then writing a small program to read outbound packets on this interface and re-injecting them into the kernel after the SNAT has been applied. This seems a bit of overkill though.

I did find some Linux routing patches at http://www.ssi.bg/~ja/#routes
It makes it work. But it does have some side effects, like the first packet of a connection can go out the wrong interface.

James
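
The advice quoted above (pick the output interface at routing time, then source NAT per output interface in POSTROUTING), as an added example that is not part of the original message: it prints a weighted multipath default route and one SNAT rule per link. The interface names, addresses and the `iface:local_ip:weight` entry format are constructed assumptions; in an ip-up script the interface name and local address would come from the arguments pppd passes.

```shell
#!/bin/sh
# Added example. Each link is "iface:local_ip:weight" (IPv4 only);
# the sample values at the bottom are constructed.

# Reject anything that is not three plain fields before it becomes a root command.
valid_link() {
    case $1 in
        *[!A-Za-z0-9.:_-]*|*:*:*:*) return 1 ;;
        ?*:?*:?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Routing step: one nexthop per link, so the output interface is chosen here.
route_cmd() {
    cmd="ip route replace default scope global"
    for link in "$@"; do
        iface=${link%%:*}
        weight=${link##*:}
        cmd="$cmd nexthop dev $iface weight $weight"
    done
    printf '%s\n' "$cmd"
}

# NAT step: POSTROUTING rewrites the source address to match the interface
# that routing already selected; it cannot change that choice.
snat_cmds() {
    for link in "$@"; do
        iface=${link%%:*}
        rest=${link#*:}
        local_ip=${rest%%:*}
        printf 'iptables -t nat -A POSTROUTING -o %s -j SNAT --to-source %s\n' \
            "$iface" "$local_ip"
    done
}

# Validate every entry, then print the route command followed by the NAT rules.
apply_links() {
    for link in "$@"; do
        valid_link "$link" || { echo "bad link entry: $link" >&2; return 1; }
    done
    route_cmd "$@"
    snat_cmds "$@"
}

# Dry run with two equal-weight links (50 / 50); review, then pipe to sh as root.
apply_links ppp0:192.0.2.10:1 ppp1:198.51.100.20:1
```

The kernel balances across the nexthops per route lookup, not per packet, so the split only approaches the configured ratio over many connections.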

