My question to you would be how is your router set up to do load balancing and masquerading? Problems could arise if the router randomly send out packets over the different channels that you have available. So, for any given TCP connection, does it make sure to only transmit packets that are marked with the return IP address of that connection over the connection that is assigned with that IP address (an example of NOT doing this would be: sending out packets that carry the return address of the frame relay connection over the DSL connection and vise versa)? If not, then it will cause the transparent proxy of your ISP to choke over malformed requests. They may have logic in the proxy to detect insane requests and lock them out. If this is the problem, then the solution would be to set up rules in the router to stop this behavior.
Yossi On Mon, 2002-08-19 at 10:31, Eli Marmor wrote: > Hi! > > I have 2 ADSL accounts at 012 (I love to pay them twice ;-), as well > as an expensive frame-relay (aquanet). I installed and configured a > Linux router (based on Devil-Linux) to serve as a router, firewall, > etc. It uses both of the lines (FR+ADSL) for connection with the > world, and splits the internal traffic to DMZ and clients. > > Recently, without changing anything in my configuration, I noticed a > strange behavior: After a while, the ADSL connection stops to serve > HTTP requests (i.e.: I can FTP, ping, and traceroute any site, and > even surf the website of 012, but not (HTTP)-surf any external > website). If I disconnect and re-connect, everything is perfect again > (until a while... and so on and so forth...). > > Is it possible that some ISP's (012 in my case) "block" IP > masquerading? > > If it's true, then who are the ISP's that do it? > > And if it isn't true, then what is the reason for this strange > behavior? > > Contrary to businesses with hundreds of employees that use one cheapy > private ADSL account, I already pay dozens of thousands of Dollars > yearly for 2.5 users (including me), so paying more (or in other > words: "upgrading" my deal to the business one) is not a viable > solution for me. > > -- > Eli Marmor > [EMAIL PROTECTED] > CTO, Founder > Netmask (El-Mar) Internet Technologies Ltd. > __________________________________________________________ > Tel.: +972-9-766-1020 8 Yad-Harutzim St. > Fax.: +972-9-766-1314 P.O.B. 7004 > Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel > > ================================================================= > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] > > ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
