The NATted device is a Nomadix gateway. The PPPoE is terminated on DSL routers, and there are routable subnets between the Zeroshell box and the routers. I tested both scenarios with two PCs behind the Nomadix: in the routed mode (i.e. with NAT done only on the Zeroshell) and with NAT done on both the Zeroshell and the Nomadix. I did not see any difference, and I could see that when I was simultaneously sending traffic to the same destination from both PCs, it was going through the same DSL connection, so it didn’t look like a connection round robin. If anything, it was more like destination round robin, in which case obviously it wouldn’t matter if the Zeroshell box sees packets coming from a single NAT IP address or two different addresses routed from the LAN.

I have been trying to work out how the load balancing works for Zeroshell from the scripts in /root/kerbynet.cgi/scripts, but there is a lot of code there and I am a bit time-restricted to do it. On the other hand, when I look at the routing tables, it looks like the load balancing is done the normal Linux way, i.e. based on routes, which is consistent with what I see.

I don’t like the idea of doing NAT on the Nomadix, but we have a standard Nomadix configuration across different sites and plan to have only some of them load balanced, so introducing different configuration options for load-balanced and non-load-balanced sites is a bit of a hassle.

PS. I am new to Zeroshell and have been quite impressed.