Re: Problems with load balancing

On Feb 22, 2005, at 6:20 PM, Daniel Hartmeier wrote:

On Tue, Feb 22, 2005 at 06:09:32PM -0500, Jaime Vargas wrote:

#  nat outgoing connections on each internet interface
nat on $ext_if1 from $lan_net to any -> $ext_ip1_2
nat on $ext_if1 from $lan_net to any -> $ext_ip1_1

This won't work, the criteria in both rules are the same (same interface, same source address), so the second rule never matches, because the first one already does.

If you could use tagged in nat rules, that might be an option, but I
don't think that's supported yet.

That was my suspicion, thanks for clarifying this.

#  route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
#  $ext_if2 and $ext_gw2
pass out on $ext_if1 route-to ($ext_if1 $ext_gw1_2) from $ext_ip1_2 to
pass out on $ext_if1 route-to ($ext_if1 $ext_gw1_1) from $ext_ip1_1 to

You miss 'keep state' on these rules.

What's the reason you don't connect the second uplink to a dedicated
NIC? It would probably make things easier to configure.

Mainly because the Soekris 4801 box that we are using has all of its NICs busy. I will look into changing the hardware.
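
Added example, not part of the original thread: a small Python linter for the two problems raised above, a `nat` rule shadowed by an earlier rule with the same criteria (translation rules are first-match) and a `route-to` pass rule without `keep state`. It assumes the simple one-line rule forms used in the thread; the sample ruleset and the `lint` function name are constructed for illustration.

```python
import re

# Constructed sample in the style of the rules quoted in the thread;
# macro names are placeholders, not the poster's actual pf.conf.
SAMPLE = """\
nat on $ext_if1 from $lan_net to any -> $ext_ip1_2
nat on $ext_if1 from $lan_net to any -> $ext_ip1_1
nat on $ext_if2 from $lan_net to any -> $ext_ip2
pass out on $ext_if1 route-to ($ext_if1 $ext_gw1_2) from $ext_ip1_2 to any
pass out on $ext_if1 route-to ($ext_if1 $ext_gw1_1) from $ext_ip1_1 to any keep state
"""

# Only the simple form "nat on IF from SRC to DST -> ADDR" is recognised.
NAT_RE = re.compile(r"^nat\s+on\s+(\S+)\s+from\s+(\S+)\s+to\s+(\S+)\s*->\s*(\S+)$")
STATE_RE = re.compile(r"\b(keep|modulate|synproxy)\s+state\b")


def lint(ruleset):
    """Return a list of (line_number, message) findings."""
    findings = []
    seen = {}  # (interface, source, destination) -> line of the first nat rule
    for no, raw in enumerate(ruleset.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = NAT_RE.match(line)
        if m:
            key = m.group(1, 2, 3)
            if key in seen:
                # The earlier rule already matches every packet this one would.
                findings.append(
                    (no, f"nat rule never matches: same criteria as line {seen[key]}"))
            else:
                seen[key] = no
        elif line.startswith("pass") and "route-to" in line.split():
            if not STATE_RE.search(line):
                findings.append((no, "route-to rule without 'keep state'"))
    return findings


if __name__ == "__main__":
    for no, msg in lint(SAMPLE):
        print(f"line {no}: {msg}")
```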