the router must use one and only one channel for a connection! one cannot send one packet of a connection on one channel (and one source ip) and the next packet from a different channel (and different source ip), because the remote side of the connection gets different source ips for the same connection and gets confused.
also, one cannot send on one channel with the other's source ip because that's spoofing ...

also, I thought of ANOTHER WAY AN ISP CAN IDENTIFY MASQUERADING: I know an http server knows the ip of the http request initiator. this could be because it sees what IP the request initiated from. but it could also be as one of the parameters a browser announces (like what kind of browser and OS). in the latter case, a transparent proxy can block http requests that do not originate from a valid or expected IP (e.g. a masquerading router does not modify the IP the browser announces as part of the http request).

regards
erez.

Joseph Teichman wrote:

>My question to you would be how is your router set up to do load
>balancing and masquerading? Problems could arise if the router randomly
>sends out packets over the different channels that you have available.
>So, for any given TCP connection, does it make sure to only transmit
>packets that are marked with the return IP address of that connection
>over the connection that is assigned with that IP address (an example of
>NOT doing this would be: sending out packets that carry the return
>address of the frame relay connection over the DSL connection and vice
>versa)? If not, then it will cause the transparent proxy of your ISP to
>choke over malformed requests. They may have logic in the proxy to
>detect insane requests and lock them out. If this is the problem, then
>the solution would be to set up rules in the router to stop this
>behavior.
>
>Yossi
>
>
>On Mon, 2002-08-19 at 10:31, Eli Marmor wrote:
>
>>Hi!
>>
>>I have 2 ADSL accounts at 012 (I love to pay them twice ;-), as well
>>as an expensive frame-relay (aquanet). I installed and configured a
>>Linux router (based on Devil-Linux) to serve as a router, firewall,
>>etc. It uses both of the lines (FR+ADSL) for connection with the
>>world, and splits the internal traffic to DMZ and clients.
>>
>>Recently, without changing anything in my configuration, I noticed a
>>strange behavior: After a while, the ADSL connection stops serving
>>HTTP requests (i.e.: I can FTP, ping, and traceroute any site, and
>>even surf the website of 012, but not (HTTP)-surf any external
>>website). If I disconnect and re-connect, everything is perfect again
>>(until a while... and so on and so forth...).
>>
>>Is it possible that some ISPs (012 in my case) "block" IP
>>masquerading?
>>
>>If it's true, then who are the ISPs that do it?
>>
>>And if it isn't true, then what is the reason for this strange
>>behavior?
>>
>>Contrary to businesses with hundreds of employees that use one cheapy
>>private ADSL account, I already pay dozens of thousands of Dollars
>>yearly for 2.5 users (including me), so paying more (or in other
>>words: "upgrading" my deal to the business one) is not a viable
>>solution for me.
>>
>>--
>>Eli Marmor
>>[EMAIL PROTECTED]
>>CTO, Founder
>>Netmask (El-Mar) Internet Technologies Ltd.
>>__________________________________________________________
>>Tel.: +972-9-766-1020 8 Yad-Harutzim St.
>>Fax.: +972-9-766-1314 P.O.B. 7004
>>Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
>>
>>=================================================================
>>To unsubscribe, send mail to [EMAIL PROTECTED] with
>>the word "unsubscribe" in the message body, e.g., run the command
>>echo unsubscribe | mail [EMAIL PROTECTED]
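The two conditions raised in this thread (a connection whose packets leave over more than one uplink, and a packet leaving one uplink with the other uplink's source address) can be checked against a router's egress log. The following is an added example, not part of the original messages; the record layout, interface names and addresses are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from typing import NamedTuple


class Egress(NamedTuple):
    """One outbound packet as logged after NAT (hypothetical record layout)."""
    lan_src: str    # internal client address before masquerading
    lan_sport: int
    dst: str
    dport: int
    iface: str      # uplink the packet left on
    nat_src: str    # source address on the wire after masquerading


# Assumed uplinks: interface -> address assigned to it (documentation ranges).
UPLINKS = {"ppp0": "192.0.2.10", "fr0": "198.51.100.20"}


def audit(packets, uplinks=UPLINKS):
    """Return (split_flows, wrong_source) for a list of Egress records."""
    seen = defaultdict(set)
    wrong_source = []
    for p in packets:
        flow = (p.lan_src, p.lan_sport, p.dst, p.dport)
        seen[flow].add((p.iface, p.nat_src))
        # Source address that does not belong to the uplink the packet left on.
        if uplinks.get(p.iface) != p.nat_src:
            wrong_source.append(p)
    # A flow that used more than one (uplink, source) pair was not pinned.
    split_flows = {f: sorted(v) for f, v in seen.items() if len(v) > 1}
    return split_flows, wrong_source


# Constructed sample: 10.0.0.5 is pinned to one uplink, 10.0.0.6 alternates
# uplinks, 10.0.0.7 leaves the ADSL link carrying the frame-relay address.
SAMPLE = [
    Egress("10.0.0.5", 40001, "203.0.113.80", 80, "ppp0", "192.0.2.10"),
    Egress("10.0.0.5", 40001, "203.0.113.80", 80, "ppp0", "192.0.2.10"),
    Egress("10.0.0.6", 40002, "203.0.113.80", 80, "ppp0", "192.0.2.10"),
    Egress("10.0.0.6", 40002, "203.0.113.80", 80, "fr0", "198.51.100.20"),
    Egress("10.0.0.7", 40003, "203.0.113.80", 80, "ppp0", "198.51.100.20"),
]

if __name__ == "__main__":
    split, wrong = audit(SAMPLE)
    for flow, paths in split.items():
        print("split across uplinks:", flow, paths)
    for p in wrong:
        print("source does not match uplink:", p)
```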