Brian J. Murrell wrote: > On Wed, 2010-02-17 at 06:20 -0800, Tom Eastep wrote: >> That won't work. > > Why's that? It certainly appears to have worked. >
It will work so long as your ISPs are willing to forward outgoing packets with foreign source addresses. A P2P session will begin on one interface or the other; which one determines the external SOURCE and DEST IP addresses. The ipp2p module snoops packet payloads to identify P2P packets; when it identifies one, the session has already been established and all packets sent for the session will be in the ESTABLISHED Netfilter state. So they won't go through the nat POSTROUTING chain. You will end up with the same situation as earlier in this thread; packets going out through one ISP have the source IP of the other ISP. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
