Doing routing based on this:
http://lartc.org/howto/lartc.rpdb.multiple-links.html
Have done it for over a year.
Tried a new 2.6.15 kernel.
Firewall is based on debian sarge.
Most things work OK: DNAT, SNAT, etc.
Can simultaneously ssh in to an internal host via both ISPs with no problems.
At the moment the default route is via eth2.
root@fonroute:~# ip rule
0: from all lookup local
200: from all lookup 200
201: from 216.170.136.0/24 lookup isp1
201: from 24.196.120.28/30 lookup isp2
222: from all lookup multi
32766: from all lookup main
32767: from all lookup default
root@fonroute:~# ip route list table 200
192.168.0.0/16 via 192.168.2.254 dev eth0
root@fonroute:~# ip route list table isp1
default via 216.170.136.1 dev eth1 proto static src 216.170.136.82
prohibit default proto static metric 1
root@fonroute:~# ip route list table isp2
default via 24.196.120.29 dev eth2 proto static src 24.196.120.30
prohibit default proto static metric 1
root@fonroute:~# ip route list table multi
default via 24.196.120.29 dev eth2 proto static
What always fails is:
ssh into internal host via eth1. From there ssh or ping back to the original host.
One thing I have noticed is that there are far fewer connections in
/proc/net/ip_conntrack, but the connections I was testing are listed.
Was holding off posting until I could describe it better but running out
of time :-(
Sorry, I know this is not enough.
I need to put it on another kernel soon but I can try on another
firewall if anyone has any ideas to try.
Thanks
John
--
John McMonagle
IT Manager
Advocap Inc.