Re: [LARTC] Getting AOL IM client to work with IPTABLES and IPROUTE2 (port forwarding almost)

From: Christoph Simon <datageo@terra.com.br>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Getting AOL IM client to work with IPTABLES and IPROUTE2 (port forwarding almost)
Date: Sun, 28 Oct 2001 14:02:58 +0000	[thread overview]
Message-ID: <marc-lartc-100427780103696@msgid-missing> (raw)
In-Reply-To: <marc-lartc-100427589232417@msgid-missing>

On Sun, 28 Oct 2001 07:28:53 -0600
"David" <maniacdavid@cableone.net> wrote:

> I'm trying to get my AOL IM'r to work consistenly with 2 cable modems. It
> seems like it says it can't connect (90% of the time, 10% it works, just
> pure luck) when I have both of the cable modems working together with this
> iproute command
> 
> ip route default equalize nexthop via ***.***.***.*** dev eth0 nexthop via
> ***.***.***.*** dev eth2
> iptables -A POSTROUTING -t nat -j MASQUERADE -o eth2
> iptables -A POSTROUTING -t nat -j MASQUERADE -o eth0
> Internet and everything else works fine with that. I need a solution whether
> it be some kind of forwarding (port 5190) so that anything received comes
> through 1 ethernet address. It might even have to be sent out the same
> ethernet address but I'm thinking either one would work if there is someway
> to put a return address on the packet or something. I know AOL im'r works
> 100% when the linux box is routing just through 1 cable modem.

I'm a bit surprised that you say that `Internet and everything else
works fine'. I've tried this and it did *not* work properly. Actually,
if I did understand it well, the usage of the `equalize' argument to
ip makes the selection of a particular interface packet based, while
the omission should make it session base. I have tried all
combinations I'm aware of, including weight'ing of the nexthops, and
it did not work. HTTP based Internet access will fail with any more or
less elaborated site, as requests will come from more than one
IP. This doesn't mean that session oriented interface selection
doesn't work (which I can't tell for sure); it just means that certain
subsequent complete user sessions need to use the same IP. This might
be the reason why AIM isn't working, as it seems to expect always the
same IP from you.

What you could do is trying to configure AIM such that it will always
use only one interface. This doesn't work for HTTP, specially if there
is a proxy (e.g., squid) which hides where the request actually comes
from (which user and/or which computer on the LAN).

I've asked this question in diferent forms more than once, and didn't
get more answers than ``if you figure out, please tell me
too'. Unfortunately, no expert on this list bothered to tell me, that
this is plain impossible, or what would be needed to make it
work. (Well, I remember having got one answer, which pointed to
another answer `some months ago', which I'm not sure to have found,
and which actually didn't solve the problem).

There are many, many people out there looking for this to work. Is
there really no knowledgable guy on this list who would dare to give
an definitive answer, wether the simultaneous usage of more than one
independent Internet link is possible, or even better, add such thing
to a FAQ and provide a pointer to it? And giving a reasoning might
also help reduce lots of frustration and lost time.

--
Christoph Simon
datageo@terra.com.br
---
^X^C
q
quit
:q
^C
end
x
exit
ZZ
^D
?
help
NO CARRIER
.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/