On Wed, Apr 6, 2011 at 2:39 PM, Simon Hobson <[email protected]> wrote: > Pedro Bulach Gapski wrote: > >> > But won't fix his other problem - that the IP address in his SIP >>> packets will be wrong for one or other of the ISPs. I doubt if the >>> SIP ALG in the kernel would deal with this either. >>> >> >>This is indeed a major problem. In this case I have configured no NAT >>on the box itself and I am counting on the ISP modems to work out the >>NAT translations of its traffic. On isolated tests using route_rules >>to select the interface, it works with both ISPs separately. > > Sounds like your provider is running a NAT-proxy service - that > should work round that problem. > >>My problem now is really in achieving a nice load balance, but since >>the endpoints are always the same this has been a challenge and I am >>running out of ideas :-( > > Have you considered a different approach ? Could you create two sets > of trunks, possibly bound to different IPs, and let the exchange > pseudo-balance the calls across the trunks ? I'm assuming the (or at > least one) reason for trying to load balance is to avoid having n+1 > calls on a connection that only supports n, so having a trunk routed > via that connection and limited to n calls would deal with that.
This may be a nice way to go. I can easily create two trunks and balance the calls between them, and we already have call limits in place. But I still need a way to bound each trunk to a different interface, since the endpoints are always the same. Maybe I can use something akin to iptables -m string --string 'TRUNK1' and iptables -m string 'TRUNK2' to place tcrules-like marks on the packets based on the trunk. Is there a way to access iptables -m string functionality from inside shorewall in a tcrules-compatible way? > > -- > Simon Hobson > > Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed > author Gladys Hobson. Novels - poetry - short stories - ideal as > Christmas stocking fillers. Some available as e-books. > > ------------------------------------------------------------------------------ > Xperia(TM) PLAY > It's a major breakthrough. An authentic gaming > smartphone on the nation's most reliable network. > And it wants your games. > http://p.sf.net/sfu/verizon-sfdev > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users > ------------------------------------------------------------------------------ Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
