Re: Looking for a better solution

#47908

Juan Silva
Member

Well, your solution sounds like “If you don’t want to have caries, don’t eat!”. As olivier1010 said, a better solution to bypass “disabling” other unstable Internet connections is to set a static NAT instead of a dynamic one. My POSTROUTING chain in the nat table is now:

Chain POSTROUTING (policy ACCEPT 1867 packets, 263K bytes)
pkts bytes target prot opt in out source destination
65248 5466K SNAT all -- * ppp0 0.0.0.0/0 0.0.0.0/0 to:xxx.xx.xxx.176
131K 9362K SNAT all -- * ETH01 0.0.0.0/0 0.0.0.0/0 to:xxx.xxx.xx.28
1091K 85M SNATVS all -- * * 0.0.0.0/0 0.0.0.0/0

As you can see, I have first inserted the SNAT before the SNATVS, and now it seems to work OK. If a connection goes down, it will keep sending the right NAT IP to the corresponding interface. Anyway, I really don’t know if this will cause other issues in the network, but this fixed the painful problem related to changing the local IP (or port) when one of the interfaces went down and then came up.

I disabled the NAT in the router menu for all the interfaces, and added a startup command in the setup menu like this:

iptables --table nat -I POSTROUTING 1 -o ETH01 -j SNAT --to-source xxx.xxx.xx.28
iptables --table nat -I POSTROUTING 1 -o ppp0 -j SNAT --to-source xxx.xx.xxx.176

in the NAT and Virtual Servers script.

Note that my providers gave me static IP addresses so this won’t be useful for dynamic ones.
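An added example, not part of the original post: a check that each WAN interface still has its static SNAT rule ahead of the SNATVS jump, which is the ordering the post relies on. The function names are hypothetical and the sample listing and addresses are constructed (documentation ranges), since the post redacts the real ones.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat -L POSTROUTING -v -n` output.
# Addresses are documentation-range placeholders, not the poster's.
SAMPLE_OK='Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
   10   800 SNAT   all  --  *  ppp0  0.0.0.0/0  0.0.0.0/0  to:203.0.113.176
   20  1600 SNAT   all  --  *  ETH01 0.0.0.0/0  0.0.0.0/0  to:198.51.100.28
   30  2400 SNATVS all  --  *  *     0.0.0.0/0  0.0.0.0/0'

# Read a POSTROUTING listing on stdin and print the to-source address of the
# first SNAT rule for interface $1 that appears BEFORE the SNATVS jump.
# Prints nothing if SNATVS is reached first or no such rule exists.
static_snat_source() {
    awk -v ifc="$1" '
        $3 == "SNATVS" { exit }              # later rules never see the packet first
        $3 == "SNAT" && $7 == ifc {          # $3 = target, $7 = out interface
            for (i = 10; i <= NF; i++)
                if ($i ~ /^to:/) { print substr($i, 4); exit }
        }'
}

# check_static_snat LISTING IFACE=IP [IFACE=IP ...]
# Returns 0 only if every interface is pinned to its expected address.
check_static_snat() {
    listing=$1; shift; rc=0
    for pair in "$@"; do
        ifc=${pair%%=*}; want=${pair#*=}
        got=$(printf '%s\n' "$listing" | static_snat_source "$ifc")
        if [ "$got" = "$want" ]; then
            echo "ok   $ifc -> $got"
        else
            echo "FAIL $ifc: expected $want, found '${got:-none}'"
            rc=1
        fi
    done
    return $rc
}

# Demo on the constructed listing. On a live router, pass
# "$(iptables -t nat -L POSTROUTING -v -n)" as the first argument instead.
check_static_snat "$SAMPLE_OK" ppp0=203.0.113.176 ETH01=198.51.100.28
```

Running this after the startup script, or after a link flaps, shows whether the router's own NAT script has re-inserted rules ahead of the static ones.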