[LARTC] Balancing multiple connections and NAT
Sebastian Bork
sebi at sebi.org
Fri Feb 24 22:22:00 CET 2006
On Sa, 2006-02-25 at 00:23 +0530, Raj Mathur wrote:
> >>>>> "Sebastian" == Sebastian Bork <sebi at sebi.org> writes:
> Sebastian> I use exactly the same setup with a customer's
> Sebastian> conenction, the only difference: I use MASQUERADE
> Sebastian> instead of SNAT. I did not see anything like the
> Sebastian> problem you describe. Maybe because MAQUERADE works
> Sebastian> stateful, SNAT not? If you do not have a special reason
> Sebastian> for using SNAT, I think you should try MASQUERADE. If
> Sebastian> your problem persits, please tell me, as I have to look
> Sebastian> at my customer's setup very closely then, to catch this
> Sebastian> before anyone complains.
>
> Well, both MASQUERADE and SNAT are stateful (MASQUERADE is just a
> special case of SNAT as far as I remember); however it's worth a shot
> if it's working for you.
>
> It's pretty easy to trap the wrong source IP errors -- going back to
> my example, just run:
Done. It happens here, too. But now it gets really strange: the data (I
tried scp) goes out on IF1 with IF2's source address. The ACK packets
come in on IF2. The connection works anyway ... *That's* what I'd call
really cool load-balancing.
More information about the LARTC
mailing list