LinuxQuestions.org
Old 09-25-2006, 01:27 PM   #1
DukeLeto
Member
 
Registered: Jan 2003
Location: Antarctica
Distribution: *watches the penguins pass by*
Posts: 56

Rep: Reputation: 15
IPTables snat help


I have set up a computer that uses multiple virtual interfaces with a total of about 10 IPs.

I have set up iptables with snat, so that each request coming from the computer is balanced across the pool of these 10 IPs.

For more information on why, I won't reiterate, see here:
http://www.linuxquestions.org/questi...d.php?t=481720

Now... it works, as long as the requests don't originate from the computer on which the virtual interfaces are (server1). If I set another computer (server2) to use it (server1) as its (server2) gateway, it works just fine. Though, the round-robin load balancing seems a bit wonky, as it does a 1.1.1.2.3.4.1.1.1.2.3.4 balance. Meaning that packets have a source address of the first address in the pool for the first three packets, THEN it's more round robin.

I'm using the command:
Code:
iptables -t nat -p all -A POSTROUTING -s 0.0.0.0/0 -j SNAT --to-source 10.13.199.1-10.13.199.3
The second problem I have is that I cannot get it to round-robin the source address for packets originating on the same machine, only for machines that use it (server1) as their gateway. I've been told I need to do some packet marking using iptables, so that the server1 originating packets are processed by iptables, but I'm not sure where to begin.

Any help at all will be much appreciated.

Thanks,
Michael
 
Old 10-01-2006, 11:49 AM   #2
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,743
Blog Entries: 4

Rep: Reputation: 76
Well, when using round-robin, I believe the kernel will remember and use the same IP for connections from the same host (though I may be thinking of OpenBSD's pf). This may explain why it is not a true round-robin.

As for your second question, I have not used it and am unsure of its intended uses, but here are some docs:
http://www.tldp.org/HOWTO/Adv-Routin...netfilter.html
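
An added example, not part of either post above: one way to get an explicit rotation over the pool is one SNAT rule per address, selected with the `statistic` match in `nth` mode. It assumes an iptables build that ships that match; the helper names `gen_rr_snat` and `simulate_rr` are hypothetical, and the script only prints rules, it does not install them. In the nat table only the first packet of a connection is evaluated, so the rotation is per connection, not per packet.

```shell
#!/bin/sh
# Added example: explicit per-connection rotation over an SNAT pool.
# Helper names are hypothetical; nothing here installs a rule.

# gen_rr_snat ADDR...: print one rule per pool address. Rule k only sees the
# connections that rules 1..k-1 passed on, so its --every value is the number
# of addresses still left; the last rule takes whatever reaches it.
gen_rr_snat() {
    remaining=$#
    for addr in "$@"; do
        if [ "$remaining" -gt 1 ]; then
            printf 'iptables -t nat -A POSTROUTING -m statistic --mode nth --every %d --packet 0 -j SNAT --to-source %s\n' "$remaining" "$addr"
        else
            printf 'iptables -t nat -A POSTROUTING -j SNAT --to-source %s\n' "$addr"
        fi
        remaining=$((remaining - 1))
    done
}

# simulate_rr COUNT ADDR...: model the per-rule counters for COUNT new
# connections and print the address each one would be translated to.
simulate_rr() {
    conns=$1; shift
    n=$#; out=; c=0; i=1
    while [ "$i" -le "$n" ]; do eval "seen_$i=0"; i=$((i + 1)); done
    while [ "$c" -lt "$conns" ]; do
        i=1
        for addr in "$@"; do
            every=$((n - i + 1))
            eval "seen=\$seen_$i"
            eval "seen_$i=$((seen + 1))"
            # --packet 0 matches the 1st, (every+1)th, ... connection the rule sees
            if [ $((seen % every)) -eq 0 ]; then
                out="$out${out:+ }$addr"
                break
            fi
            i=$((i + 1))
        done
        c=$((c + 1))
    done
    printf '%s\n' "$out"
}

# Pool from the post; prints the rules, then the order for six connections.
gen_rr_snat 10.13.199.1 10.13.199.2 10.13.199.3
simulate_rr 6 10.13.199.1 10.13.199.2 10.13.199.3
```

Review the printed rules before running them as root, and check the result with `iptables -t nat -L POSTROUTING -n -v`, where the per-rule packet counters should advance evenly.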
All times are GMT -5.