lartc-request@mailman.ds9a.nl wrote:
> Send LARTC mailing list submissions to
> lartc@mailman.ds9a.nl
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://mailman.ds9a.nl/mailman/listinfo/lartc
> or, via email, send a message with subject or body 'help' to
> lartc-request@mailman.ds9a.nl
>
> You can reach the person managing the list at
> lartc-admin@mailman.ds9a.nl
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of LARTC digest..."
>
> Today's Topics:
>
> 1. Re: HTB or CBQ ? (Stef Coene)
> 2. Re: Iptables, SNAT/MASQ, Multiple gateways (Don Cohen)
> 3. Re: RE:u32 filters and compression (Tobias Geiger)
> 4. ip route (Rimas)
> 5. Re: Rip problems (James Sneeringer)
> 6. Re: Iptables, SNAT/MASQ, Multiple gateways (Michael T. Babcock)
> 7. Re: Iptables, SNAT/MASQ, Multiple gateways (Jose Luis Domingo Lopez)
> 8. Two ISP and NAT (Rimas)
> 9. Re: Iptables, SNAT/MASQ, Multiple gateways (Julian Anastasov)
> 10. Re: Iptables, SNAT/MASQ, Multiple gateways (Simon Matthews)
> 11. Re: Iptables, SNAT/MASQ, Multiple gateways (Simon Matthews)
> 12. RE: Iptables, SNAT/MASQ, Multiple gateways (Greg Scott)
>
> --__--__--
>
> Message: 1
> From: Stef Coene <stef.coene@docum.org>
> Organization: None
> To: "Michael T. Babcock" <mbabcock@fibrespeed.net>
> Subject: Re: [LARTC] HTB or CBQ ?
> Date: Mon, 30 Sep 2002 17:37:03 +0200
> Cc: SERBAN Rares <serban_rares@yahoo.com>,
> brt_informatics@wlink.com.np, lartc@mailman.ds9a.nl
>
> On Monday 30 September 2002 17:26, Michael T. Babcock wrote:
> > Stef Coene wrote:
> > >And one of the most convincing arguments to me : htb is actively
> > > maintained. If there is a bug or performance problem, it will get fixed.
> >
> > And, being newer code that many of us have looked at, patches / fixes
> > will probably flow to the maintainer faster than CBQ ones.
> >
> > BTW, how many people are using the patched SFQ (ESFQ?) these days, and
> > how stable is it?
> I used it and it was stable. I'm going to switch over to kernel 2.5. Will
> the esfq patch apply?
>
> Stef
>
> --
>
> stef.coene@docum.org
> "Using Linux as bandwidth manager"
> http://www.docum.org/
> #lartc @ irc.oftc.net
>
> --__--__--
>
> Message: 2
> From: don-lartc@isis.cs3-inc.com (Don Cohen)
> Date: Mon, 30 Sep 2002 08:55:27 -0700
> To: Simon Matthews <simon@paxonet.com>
> Cc: lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] Iptables, SNAT/MASQ, Multiple gateways
>
> Simon Matthews writes:
> > OK, this may be a reasonable approach, but how do I force it to initiate
> > connections from the "fast" interface, yet allow it to fail over to the
> > slow interface if the system removes the route to the fast gateway because
> > it has detected that it is not responding?
>
> Off hand I don't know anything built in for this (I look forward to
> hearing an answer from someone who does), but I don't think this is
> really what you want anyway. It's not as if your link is the only one
> that could fail!
> If ISP1's upstream link fails then you want to use ISP2 for all
> traffic other than that intended for ISP1 itself. And of course,
> problems further upstream prevent you from reaching certain addresses
> but not others, and you don't really know which without a global view
> of the routing.
>
> I think the "right" solution involves monitoring the traffic.
> There's a wide range of things you could do, the simplest being
> simply detecting that the link is not responding. You could also
> try to detect tcp retransmits, measure RTT, aggregate data to measure
> how well individual connections are working, further aggregate data to
> determine which address blocks are working well and which poorly, etc.
> Then use that data to decide which of your links to use for a given
> destination.
>
> I actually sent a proposal to this list that I think provides a good
> solution to the general problem: an extension to TCP (possibly even
> IP) that supports multiple addresses/ports. This would even allow you
> to switch addresses in the middle of a connection. I think what I
> described before applies more to the machine on the other side of your
> connection, which now would know both of your addresses. Whenever it
> does a tcp retransmit it switches the address. It therefore tends to
> stay on the one that works most reliably. (Perhaps this algorithm
> could be improved to take speed into account too.) This discussion
> points out that something similar should be done on your end: you
> should switch the output interface you use when you retransmit.
>
> Of course this is not yet implemented. It's on my queue, but not
> close to the beginning. I'd be glad if someone out there could beat
> me to it.
>
> --__--__--
>
> Message: 3
> Date: Mon, 30 Sep 2002 18:04:17 +0200
> From: Tobias Geiger <tobias.geiger@web.de>
> To: Allang@equation.co.za
> Cc: lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] RE:u32 filters and compression
>
> Hi,
>
> thanks for the thanks :)
> i looked at the whitepaper on www.peribit.com and it seems that they do
> much more than the standard (lzw-) compression:
> they use kind of proxy for cachable protocols, and their MSR ("Molecular
> Sequence Reduction", sounds great ! :) Algorithm to find repeating
> patterns even across multiple packets.
>
> although i can't really believe that this doesn't affect latency the
> technical approach sounds amazing.
>
> The great "disadvantage" is that u need such a box at both ends
> (obviously) unlike compressed pppd (at least i think windows understands
> compressed-pppd, or?) which is more platform independent. But i admit
> this is like comparing apples with pears...
>
> Allan Gee wrote:
> > Thanks: To Stef and Tobias Geiger for giving me the answer. I used
> > the prio to get the order right. Don't know why I didn't think of it
> > myself. Compression: Another thing that might be useful to the list
> > is the use of compression (Deflate etc.) to get better bandwidth
> > across links. This requires a Linux router at both ends of the link.
> > I got the idea from a product called Peribit see www.peribit.com (
> > and mainly from Martin Devera who pointed out to me that Linux does
> > compression already with ppp. ) I have now started to work on getting
> > compression built into my traffic shaping/router products that are
> > Linux based. Putting that in place of Cisco should be a much
> > better/cheaper solution do you not think? One could even shape the
> > port that the pppoe runs on. I have looked at Zebedee which also has
> > a solution for "Windows" boxes. Anyway I've just started to do this
> > and If anyone is interested I will let you know the outcome.
> >
> > Regards Allan Gee Equation 021 4181777 www.equation.co.za
>
> --__--__--
>
> Message: 4
> From: "Rimas" <rmocius@auste.elnet.lt>
> To: <lartc@mailman.ds9a.nl>
> Date: Mon, 30 Sep 2002 17:11:22 +0100
> Subject: [LARTC] ip route
>
> Hi folks,
>
> How do I permanently delete the default route and add a new one with ip route?
> I use RedHat 7.3.
>
> Thank you in advance
>
> Rimas
>
> --__--__--
>
> Message: 5
> Date: Mon, 30 Sep 2002 11:42:40 -0500
> From: James Sneeringer <james+lartc@vincentsystems.com>
> To: lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] Rip problems
>
> On Sat, Sep 28, 2002 at 01:46:37PM -0400, Joseph Watson wrote:
> | EXPORT_GATEWAY="no"
> | SILENT="no"
>
> This should cause the equivalent of "routed -s" to be run. The "-s" tells
> routed to send routing updates. Check with "ps ax". You can get further
> debugging out of it with "-d" and "-t".
>
> | When I start routed, the appropriate routes show up in the portmaster after
> | about 30 seconds, and all works good for about 2 1/2 minutes. Then the
> | portmaster sets the Metric to 16 for the route to my subnet behind the
> | firewall, and routing quits working.
>
> PortMasters do this when they think they need to remove the route from the
> routing table. They set the "O" flag (for obsolete, I guess) and set the
> metric to 16 (because 16 is the largest metric permitted by RIPv1). The
> route will eventually disappear from the table unless another update is
> received.
>
> | If I restart routed, we will repeat the
> | process. If I stop routed during the 2 1/2 mins, it will immediately set the
> | Met to 16. This tells me that they are communicating because when I shut
> | routed down the metric is set to 16. But why does this happen exactly at 2
> | 1/2 min?? I am quite confused?
>
> It sounds like routed isn't sending routing updates. RIPv1 sends the whole
> routing table every 30 seconds to the broadcast address (which is why it
> takes about 30 seconds for the PortMaster to see the routes). My guess is
> it's only sending out the initial announcement, and when the PM doesn't see
> subsequent announcements for a couple minutes, it drops the routes.
>
> If possible, consider using OSPF instead. RIPv1 is quite obsolete and
> generally useless on subnetted networks like yours. PortMasters have done
> OSPF since ComOS 3.5, and you can implement it on Linux with zebra or gated.
> For further PortMaster-specific help, consider subscribing to the
> portmaster-users@portmasters.com list. See http://www.portmasters.com/
> for more info.
>
> -James
>
> --__--__--
>
> Message: 6
> Date: Mon, 30 Sep 2002 13:05:54 -0400
> From: "Michael T. Babcock" <mbabcock@fibrespeed.net>
> Organization: FibreSpeed Ltd.
> To: Don Cohen <don-lartc@isis.cs3-inc.com>
> Cc: Simon Matthews <simon@paxonet.com>, lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] Iptables, SNAT/MASQ, Multiple gateways
>
> Don Cohen wrote:
>
> >I actually sent a proposal to this list that I think provides a good
> >solution to the general problem: an extension to TCP (possibly even
> >IP) that supports multiple addresses/ports. This would even allow you
> >to switch addresses in the middle of a connection. I think what I
> >
> >
> SCTP actually supports this already; look it up -- it's quite a bit
> different from TCP but allows you to do all the same types of things,
> with more options.
>
> That said, a Zebra (routing software) plugin that would run iptables
> scripts would be all you'd need in many cases.
>
> --
> Michael T. Babcock
> C.T.O., FibreSpeed Ltd.
> http://www.fibrespeed.net/~mbabcock
>
> --__--__--
>
> Message: 7
> Date: Mon, 30 Sep 2002 20:11:58 +0200
> From: Jose Luis Domingo Lopez <lartc@24x7linux.com>
> To: lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] Iptables, SNAT/MASQ, Multiple gateways
>
> On Sunday, 29 September 2002, at 22:18:30 -0700,
> Don Cohen wrote:
>
> > > ip route add default nexthop via $CONN1_IP dev $ETHX weight $X \
> > > nexthop via $CONN2_IP dev $ETHX weight $Y
> >
> > Note that this only shapes outgoing traffic and also relies on your
> > ISPs to NOT do the ingress filtering that they're really supposed to do.
> >
> Just a note. The above routing doesn't prevent you from applying
> SNAT/MASQ to the outgoing traffic, at least not when you have an
> ethernet card for each connection (not the case) and you can know
> through each one the traffic will go out.
>
> So adding another ethernet card and a couple of "iptables" rules can
> avoid problems with ISPs filtering "alien" incoming traffic :)
>
> --
> Jose Luis Domingo Lopez
> Linux Registered User #189436 Debian Linux Woody (Linux 2.4.19-pre6aa1)
>
> --__--__--
>
> Message: 8
> From: "Rimas" <rmocius@auste.elnet.lt>
> To: <lartc@mailman.ds9a.nl>
> Date: Mon, 30 Sep 2002 19:28:36 +0100
> Subject: [LARTC] Two ISP and NAT
>
> Hi folks,
>
> I have 2 ISP Inet connections.
>
> 1 Inet (eth0) I have used for everything (SMTP server, MASQ for local network)
> I got the 2 INET (eth1) and made some changes:
>
> They both have MASQ:
> iptables -t nat -A POSTROUTING -o $EXTERNAL_INTERFACE_2 -j MASQUERADE   # 2 Inet
> iptables -t nat -A POSTROUTING -o $EXTERNAL_INTERFACE_1 -j MASQUERADE   # 1 Inet
>
> I changed default route to eth1 and put some additional route:
> ip route rep default via ext_ip2 dev eth1
> ip route add 1.2.3.4 via ext_ip1   # eth0
>
> And now I'm having a problem with my email server (Lotus Notes on
> Linux).
> It can send emails via SMTP but cannot use encrypted Lotus connection
> and receive emails as well.
>
> iptables -t nat -A PREROUTING -i $EXTERNAL_INTERFACE_1 -p tcp -d $EXTERNALIP_1 --dport 25 \
>     -j DNAT --to-destination 1.2.3.196:25
>
> # Lotus Notes Encrypted connection (tcp 1352) port forward from eth0 to
> # internal ip 10.105.105.196
> iptables -t nat -A PREROUTING -i $EXTERNAL_INTERFACE_1 -p tcp -d $EXTERNALIP_1 --dport 1352 \
>     -j DNAT --to-destination 1.2.3.196:1352
>
> And how to route with ip route command that email server have to use not
> the default route (eth1) but eth0.
>
> What I need to configure more to get working back my email server?
>
> Thank you in advance
>
> Rimas
>
>
> --__--__--
>
> Message: 9
> Date: Mon, 30 Sep 2002 22:24:03 +0000 (GMT)
> From: Julian Anastasov <ja@ssi.bg>
> To: "Michael T. Babcock" <mbabcock@fibrespeed.net>
> Cc: Don Cohen <don-lartc@isis.cs3-inc.com>,
> Simon Matthews <simon@paxonet.com>, <lartc@mailman.ds9a.nl>
> Subject: Re: [LARTC] Iptables, SNAT/MASQ, Multiple gateways
>
> Hello,
>
> On Mon, 30 Sep 2002, Michael T. Babcock wrote:
>
> > Don Cohen wrote:
> >
> > >I actually sent a proposal to this list that I think provides a good
> > >solution to the general problem: an extension to TCP (possibly even
> > >IP) that supports multiple addresses/ports. This would even allow you
> > >to switch addresses in the middle of a connection. I think what I
>
> Yes, we can implement it as separate IP protocol :)
> Of course, at the beginning the idea may sound too stupid, we
> have to change that. May be there is already solution for that?
> A "simple" tunnel without encryption that will support failover
> and balancing of the negotiated traffic, ability to negotiate
> multiple IPs for each endpoint. Of course, there should be some
> problems with the proper tunneling of this traffic in each end,
> see how difficult is routed the IPSec traffic. Each endpoint will do
> failover detection of all negotiated links and will do balancing (if
> desired) over these links, based on relative ratio. This tunnel
> should be transparent to the upper layers (TCP/UDP/ICMP/SCTP).
>
> > SCTP actually supports this already; look it up -- it's quite a bit
> > different from TCP but allows you to do all the same types of things,
> > with more options.
>
> But this feature is only for SCTP. We want the traffic
> from one multihomed router to use multiple links when talking
> to another router, both understanding this "our new" IP tunneling
> protocol.
>
> I see it in this way: when such packet is received, we
> decapsulate it and place it on the expected interface. As
> result, the upper layers will see the packet on the right
> input interface even if it is received on another input
> interface (for example, if it is the only alive).
>
> Regards
>
> --
> Julian Anastasov <ja@ssi.bg>
>
> --__--__--
>
> Message: 10
> Date: Mon, 30 Sep 2002 12:24:58 -0700 (PDT)
> From: Simon Matthews <simon@paxonet.com>
> To: Don Cohen <don-lartc@isis.cs3-inc.com>
> Cc: lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] Iptables, SNAT/MASQ, Multiple gateways
>
> On Mon, 30 Sep 2002, Don Cohen wrote:
>
> > Simon Matthews writes:
> > > OK, this may be a reasonable approach, but how do I force it to initiate
> > > connections from the "fast" interface, yet allow it to fail over to the
> > > slow interface if the system removes the route to the fast gateway because
> > > it has detected that it is not responding?
> >
> > Off hand I don't know anything built in for this (I look forward to
> > hearing an answer from someone who does), but I don't think this is
> > really what you want anyway. It's not as if your link is the only one
> > that could fail!
>
> Don, there are some kernel patches (already installed on my system) that
> support dead gateway detection and static routes. "Static" means that the
> routes are not forgotten when the system removes an interface because the
> gateway is not working.
>
> But the problem remains: how to handle this in iptables MASQ/SNAT
> commands? One can postulate that if the interface is removed because the
> gateway is dead, then the MASQ command will use the source related to the
> other gateway.
>
> However, the question now is: how to force the system to use the source
> address related to the "fast" gateway under normal operation while
> allowing a failover to the slow gateway?
>
> Simon
>
> --__--__--
>
> Message: 11
> Date: Mon, 30 Sep 2002 12:26:43 -0700 (PDT)
> From: Simon Matthews <simon@paxonet.com>
> To: "Michael T. Babcock" <mbabcock@fibrespeed.net>
> Cc: Don Cohen <don-lartc@isis.cs3-inc.com>, <lartc@mailman.ds9a.nl>
> Subject: Re: [LARTC] Iptables, SNAT/MASQ, Multiple gateways
>
> On Mon, 30 Sep 2002, Michael T. Babcock wrote:
>
> > Don Cohen wrote:
> >
> >
> > That said, a Zebra (routing software) plugin that would run iptables
> > scripts would be all you'd need in many cases.
>
> The ISP that provides the "fast" connection won't provide any IGP routing
> information (RIP, OSPF, etc), so I don't think this is possible.
>
> >
> >
>
> --__--__--
>
> Message: 12
> Subject: RE: [LARTC] Iptables, SNAT/MASQ, Multiple gateways
> Date: Mon, 30 Sep 2002 14:41:34 -0500
> From: "Greg Scott" <GregScott@InfraSupportEtc.com>
> To: <lartc@mailman.ds9a.nl>
> Cc: "Chris Leiseth (E-mail)" <leichr@dunwoody.tec.mn.us>
>
>
> > ip route add default nexthop via $CONN1_IP dev $ETHX weight $X \
> > nexthop via $CONN2_IP dev $ETHX weight $Y
> >
>
> Would this technique work for more than two gateways? How many nexthop
> clauses are allowed? Is there a limit?
>
> thanks
>
> - Greg Scott
>
> --__--__--
>
> End of LARTC Digest
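
The two-uplink NAT setup discussed in Messages 2, 7, 8 and 10 above, as an added example that is not part of the digest or of any poster's message: it prints (does not run) per-uplink SNAT rules so each ISP's ingress filter only sees its own source address, policy-routing rules that pin a host such as a port-forwarded mail server to one uplink, and a weighted multipath default route. The interface names, table ids 101/102 and all addresses (RFC 5737 documentation ranges and 10.0.0.196) are constructed assumptions.

```shell
#!/bin/sh
# Added example: emits the commands for a router with two ISP uplinks.
# Nothing is executed; review the output, then pipe it to "sh" as root.
# All addresses, interface names and table ids are constructed sample values.

# uplink_rules IFACE LOCAL_IP GATEWAY TABLE_ID
uplink_rules() {
    ifc=$1 ip=$2 gw=$3 tbl=$4
    # Anything leaving this interface is rewritten to this ISP's address,
    # so the ISP's ingress filter never sees the other ISP's prefix.
    echo "iptables -t nat -A POSTROUTING -o $ifc -j SNAT --to-source $ip"
    # Per-uplink table holding only a default route through this ISP.
    echo "ip route add default via $gw dev $ifc table $tbl"
    # Locally generated packets already sourced from this address leave
    # through the matching gateway.
    echo "ip rule add from $ip table $tbl"
}

# pin_host HOST_IP TABLE_ID
# Routes everything sourced from an internal host through one uplink. For a
# DNAT'ed server this also covers its replies, because the routing decision
# is made on the server's internal address before the reply is un-NATed.
# The table has only a default route: add LAN routes to it if the host must
# reach other internal subnets through this router.
pin_host() {
    echo "ip rule add from $1 table $2"
}

# multipath_default GW:IFACE:WEIGHT [GW:IFACE:WEIGHT ...]
# Builds the weighted "nexthop" default route quoted in Messages 7 and 12.
multipath_default() {
    cmd="ip route add default"
    for hop in "$@"; do
        gw=${hop%%:*}
        rest=${hop#*:}
        ifc=${rest%%:*}
        weight=${rest#*:}
        cmd="$cmd nexthop via $gw dev $ifc weight $weight"
    done
    echo "$cmd"
}

# generate: the full command list for the constructed sample topology.
generate() {
    uplink_rules eth0 192.0.2.10 192.0.2.1 101        # ISP 1 (slow link)
    uplink_rules eth1 198.51.100.10 198.51.100.1 102  # ISP 2 (fast link)
    pin_host 10.0.0.196 101                           # mail server via ISP 1
    multipath_default 192.0.2.1:eth0:1 198.51.100.1:eth1:3
}

generate
```
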