Hello fellows

I am trying to set up my Linux box to alternate between outbound connections. That is, the first connection should take ISP 1, the second connection ISP 2, the next ISP 1, and so on. The connections are generated from the internal LAN and not from the box itself.

So basically I have the box with eth0 pointing to the LAN, then eth1 -> ISP 1 and eth2 -> ISP 2.

The problem I am having now is that the first connection works, but the second connection for some reason gets stuck on the way back. Meaning the SYN/ACK is grabbed by the box but is never forwarded to the host in the LAN. You can take a look at the output of "iptables -t mangle -L -n":

Chain PREROUTING (policy ACCEPT)
target       prot opt source               destination

Chain INPUT (policy ACCEPT)
target       prot opt source               destination

Chain FORWARD (policy ACCEPT)
target       prot opt source               destination
NEW_OUT_CONN all  --  0.0.0.0/0            0.0.0.0/0           state NEW
NEW_OUT_CONN all  --  0.0.0.0/0            0.0.0.0/0           state NEW
ROUTE        all  --  0.0.0.0/0            0.0.0.0/0           CONNMARK match 0x2 ROUTE oif:eth1 continue
ROUTE        all  --  0.0.0.0/0            0.0.0.0/0           CONNMARK match 0x3 ROUTE oif:eth2 continue

Chain OUTPUT (policy ACCEPT)
target       prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target       prot opt source               destination

Chain NEW_OUT_CONN (2 references)
target       prot opt source               destination
CONNMARK     all  --  0.0.0.0/0            0.0.0.0/0           CONNMARK set 0x0
RETURN       all  --  0.0.0.0/0            0.0.0.0/0           statistic mode nth every 2
CONNMARK     all  --  0.0.0.0/0            0.0.0.0/0           CONNMARK set 0x2
RETURN       all  --  0.0.0.0/0            0.0.0.0/0           statistic mode nth every 2 packet 1


IP forwarding and RP are checked. I am using Ubuntu 7.04, kernel 2.16.20 and iptables 1.3.8. The ROUTE, NTH and connmark modules are in shape. NAT is also working. Both links work fine separately, so it is not a layer 1 issue.

Thank you for any hints, suggestions or ideas, and I hope not to bother you too much.

Antonio
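The setup described in the post above, as an added example (this is not Antonio's configuration and not the script behind his listing): new connections from the LAN are marked round-robin with the statistic nth match and the mark is saved with CONNMARK, but the per-ISP path is chosen with ordinary policy routing (ip rule fwmark with one routing table per uplink) instead of the ROUTE target. The interface names, LAN prefix, gateway addresses, table numbers and the MASQUERADE rules are assumptions; change them to fit the box. Two things the ruleset takes care of that are easy to miss: CONNMARK --restore-mark is the first rule in mangle PREROUTING, so a SYN/ACK arriving on eth1 or eth2 carries its connection's mark before the routing decision is made, and each per-uplink table contains the LAN route as well as its default route, so a marked reply is routed back to eth0 rather than out the uplink again. The second mark is assigned with a catch-all "-m mark --mark 0" rule rather than a second nth rule, because every statistic rule keeps its own packet counter.

```shell
#!/bin/sh
# Added example (not the original poster's configuration): alternate new
# outbound connections from the LAN between two ISP uplinks with CONNMARK
# plus fwmark policy routing. All names, addresses and table numbers below
# are assumptions for illustration; adjust them to the real box.
LAN_IF=eth0;  LAN_NET=192.168.1.0/24
ISP1_IF=eth1; ISP1_GW=203.0.113.1;  ISP1_TABLE=101; ISP1_MARK=0x2
ISP2_IF=eth2; ISP2_GW=198.51.100.1; ISP2_TABLE=102; ISP2_MARK=0x3

# run: execute the command, or only print it when DRY_RUN=1, so the ruleset
# can be reviewed (or tested) without root and without touching live tables.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

setup_sysctl() {
    run sysctl -w net.ipv4.ip_forward=1
    # Replies for a flow marked for ISP1 arrive on eth1 while the main table's
    # default route may point elsewhere; strict rp_filter would drop them.
    run sysctl -w net.ipv4.conf."$ISP1_IF".rp_filter=0
    run sysctl -w net.ipv4.conf."$ISP2_IF".rp_filter=0
}

setup_routing_tables() {
    # One table per uplink. Each holds the LAN route as well as its default
    # route, so a marked reply (the SYN/ACK from the ISP side) still routes
    # back to eth0 instead of being bounced out the uplink again.
    run ip route replace "$LAN_NET" dev "$LAN_IF" table "$ISP1_TABLE"
    run ip route replace default via "$ISP1_GW" dev "$ISP1_IF" table "$ISP1_TABLE"
    run ip route replace "$LAN_NET" dev "$LAN_IF" table "$ISP2_TABLE"
    run ip route replace default via "$ISP2_GW" dev "$ISP2_IF" table "$ISP2_TABLE"
    # Packets carrying a mark consult the matching table before "main".
    run ip rule add fwmark "$ISP1_MARK" table "$ISP1_TABLE"
    run ip rule add fwmark "$ISP2_MARK" table "$ISP2_TABLE"
    run ip route flush cache
}

setup_marking() {
    run iptables -t mangle -N NEW_OUT_CONN
    # Packet 0 of every 2 new connections goes to ISP1 ...
    run iptables -t mangle -A NEW_OUT_CONN -m statistic --mode nth --every 2 --packet 0 -j MARK --set-mark "$ISP1_MARK"
    # ... and whatever is still unmarked goes to ISP2. A second nth rule would
    # not do here: each statistic rule keeps its own packet counter.
    run iptables -t mangle -A NEW_OUT_CONN -m mark --mark 0 -j MARK --set-mark "$ISP2_MARK"
    # Copy the packet mark into the conntrack entry for the rest of the flow.
    run iptables -t mangle -A NEW_OUT_CONN -j CONNMARK --save-mark

    # PREROUTING runs before the routing decision for every forwarded packet.
    # First restore the flow's mark (replies on eth1/eth2 pick it up here),
    # then mark connections that are NEW and come in from the LAN.
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -m state --state NEW -j NEW_OUT_CONN
}

setup_nat() {
    # Source NAT per uplink, so the reply comes back to the address of the
    # interface the SYN left on.
    run iptables -t nat -A POSTROUTING -o "$ISP1_IF" -j MASQUERADE
    run iptables -t nat -A POSTROUTING -o "$ISP2_IF" -j MASQUERADE
}

apply_all() {
    setup_sysctl
    setup_routing_tables
    setup_marking
    setup_nat
}

# Usage:  DRY_RUN=1 sh multiwan.sh apply   (print the commands only)
#         sh multiwan.sh apply             (apply them, as root)
case "${1:-}" in
    apply) apply_all ;;
esac
```

Run it once with DRY_RUN=1 and read the printed commands before applying; the script appends rules rather than flushing, so on a box that already has mangle or nat rules, flush those chains first or the old rules keep running ahead of these.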