Hi folks,

I'm having a bad time doing a setup that is a little complex. I have 2 ADSL links, both working, and I have a DMZ and a LAN. The setup is this:

LAN net: 10.0.0.0/24
DMZ net: 10.1.1.0/24

LINK#1 NET: 192.168.200.0/24
LINK#1 IP: 192.168.200.1
LINK#1 GATEWAY: 192.168.200.254

LINK#2 NET: 192.168.201.0/24
LINK#1 IP: 192.168.201.1
LINK#1 GATEWAY: 192.168.201.254

I'm doing NAT on both interfaces and have ftp-proxy properly configured, with an rdr rule redirecting the traffic to it. I made a rule with round-robin, and made it work flawlessly.

My problem arises in the following form: if I leave only one link working (don't use round-robin), ftp-proxy works both for passive connections and for active connections made from the LAN and from the DMZ. If I activate round-robin, and use ftp-proxy with the -n switch, active mode works flawlessly, but in passive mode, if the client is going out through LINK#2, the remote server says that my control and data connections are coming from different places.

I want to:

1) either make both the control connections and passive data connections go out through the same interface and gateway, as LINK#1
2) make ftp-proxy make the control connection through the same link the passive connection will go out (then I will use round-robin with sticky address)

I have a strange problem using ftp-proxy without the -n switch. If I interpreted the manual correctly, even the passive connections will go through the proxy, which should eliminate my problem, because even if a machine on the LAN net is going out through LINK#2, the passive connection will go out through the same link that the firewall itself is using as default gateway (LINK#1). But if I don't use the -n switch, the active connections still work, but passive connections have their destination set not to the remote server, but to the LINK#1 IP, or 192.168.200.1, which is very strange, and the connections time out. I played with the -a and -S switches, but without any luck.

If someone has some light, I would be glad. This is the only thing that is holding me back from using load balancing full time.

Thanks in advance,
--
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Snike Tecnologia em Informatica
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85