RE: Multipath Routing
> > I seem to have some problems with this. I am not sure if it would fall
> > firewall but since netfilter is involved I will try anyway.
> > The current problem I am having is there are 2 internet connections.
> > 1 or the other internet connection will work fine.
> > However I am trying to use both at the same time. I was doing it in the
> > following way.
> > Conn1: is normally on ppp0
> "Normally" ? :-D
Yes normally. As in there are other interfaces that create ppp interfaces.
pptp client in this case.
> > Conn2: is on eth1
> > Local: is on eth0
> > Both ppp0 and eth1 are connected using different ISPs
> > And I was hoping to do a load balance with them as well as have some
> > redundancy.
> > However NAT is performed on both of these interfaces because eth0 is built of
> > private addresses. I can get the multipath routes to work and NAT does
> > occur but then packets with the wrong source address go out the wrong
> > interface. E.g. packets with source address of ppp0 go out eth1 etc.
> What is your exact NAT and routing setup ?
> > Currently I am separating this using a command like
> > ip rule add from <ppp0 ip address> lookup Conn1
> > ip rule add from <eth1 ip address> lookup Conn2
> > But this doesn't seem to make any difference to the packets after NAT is
> > performed on them.
> You must be aware that source NAT (SNAT) or masquerading (MASQUERADE)
> are performed by iptables in the POSTROUTING chain, that is *after* the
> routing phase. So it does not influence routing which sees only original
> source addresses. You can have a quick overview of an IP packet path
> through Netfilter and IP routing in Linux 2.4 on this page :
This looks like what is happening. Is there a way to do NAT before the
POSTROUTING chain? Or is there a way to force it to recalculate the route
after the address translation takes place?
> By the way, did you check that reverse path filtering is disabled in the
> kernel settings for both external interfaces, since it is incompatible
> with multihoming ?
If you mean the rp_filter option in /proc/sys/net then yes this is turned