Re: is this the zillionth mail asking for this detail?

[Edmundo Carmona <eantoranz@gmail.com>]

I'm jumping on one leg! Forgive me if I don't sound serious right now.

Yeah... no service on the firewall, right? :-) That's absolutely not
the case of this particular firewall. Not like I have a networking lab
in the firewall... but there's squid and VPN (at least).

I want to make sure I got it right:

Suppose I have three internet connections.

I will load-balance two of them and leave one out just for VPN
connections and other services. According to what you are saying, I
could mark the packets in mangle-output that come from the VPN service
and then force them to go out with a rule that uses that firewall
mark.... right?

Thank you very much for your feedback!

Note:
It's not like I'm freaky and I just want to load balance two of them
leaving one out. I COUDLN'T get to load balance all three. After some
experimentation I noticed that two of the interfaces didn't get along
very well to make a multipath routing. I think it's because they're
both on the same network. Maybe you know of some multipath guru that
could help me with this so I can load-balance all of them.



On 7/21/05, Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> wrote:
> On Thu, 21 Jul 2005, Jan Engelhardt wrote:
> 
> > >local process -> routing -> OUTPUT chain -> routing -> POSTROUTING chain
> > >
> > >No problem with policy routing for the locally generated traffic.
> >
> > This sounds like a total overhead calculating the route twice.
> 
> The first one is required to fill out output device for the packet. The
> second one is there to give chance to play with routing in OUTPUT.
> 
> This is traffic, generated locally, on the firewall.
> You should run nothing on your firewall ;-)
> 
> Best regards,
> Jozsef
> -
> E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : KFKI Research Institute for Particle and Nuclear Physics
>           H-1525 Budapest 114, POB. 49, Hungary
> 
>