From: "Brian J. Murrell" <brian@interlinx.bc.ca>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] simple dual Internet connection setup not sending
Date: Fri, 26 Nov 2004 13:19:23 +0000 [thread overview]
Message-ID: <1101475163.8287.94.camel@pc> (raw)
In-Reply-To: <1101398346.8287.66.camel@pc>
[-- Attachment #1: Type: text/plain, Size: 2037 bytes --]
On Thu, 2004-11-25 at 21:40 -0800, gypsy wrote:
>
> Guessing from the lack of any mention of KeepState
KeepState? If you are referring to:
52459 2774K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
rules, I have those sprinkled throughout my ruleset where necessary.
The iptables "snippet" I included in my previous message was just that.
Just the relevant portion that does the NATting.
> in your iptables
> setup,
Like I said, the RELATED,ESTABLISHED state rules are in there. My full
set of iptables rules is >400. I did not see see a need to post that
fully here.
> my guess is that you ignored the advice to vist Julian
> Anastasov's web site.
No I didn't ignore it. But what that site is promoting is some kind of
floppy disk based router distribution or something.
>
> Start with this:
> http://www.geocities.com/mctiew/ffw/dual.htm
I am not looking to replace/rebuild my whole firewall. I simply want to
add a second link to my existing one and have the packets use the
correct interface -- to travel back out the interface from which they
came.
I don't want to do load balancing or failover or anything fancy. I want
two interfaces where I use one for all outgoing traffic and the only
time the alternate is used is to send response packets to connections
that come _in_ that interface or for routes that are specifically
directed through that interface via a routing table entry.
> You should also google LARTC "Finally: A working case of two adsl load
> balance". Read Ron Senykoff's post "load balance a file download across
> two connections - success!".
Interesting. Followed a few links too. Looks like a lot of bells and
whistles I am not really looking for (load balancing and failover, etc.)
but there is some hint of indication that there is a patch needed to
make sure NAT uses the right physical interface. Maybe I will go bug
the netfilter guys to see if this is the case.
Thanx,
b.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2004-11-26 13:19 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-11-25 15:59 [LARTC] simple dual Internet connection setup not sending return packets Brian J. Murrell
2004-11-26 5:40 ` [LARTC] simple dual Internet connection setup not sending return gypsy
2004-11-26 13:19 ` Brian J. Murrell [this message]
2004-11-26 14:39 ` [LARTC] simple dual Internet connection setup not sending Brian J. Murrell
2004-11-26 15:21 ` Brian J. Murrell
2004-11-26 16:44 ` Brian J. Murrell
2004-11-26 17:45 ` Brian J. Murrell
2004-11-26 21:27 ` [LARTC] simple dual Internet connection setup not sendingreturn gypsy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1101475163.8287.94.camel@pc \
--to=brian@interlinx.bc.ca \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.