LinuxQuestions.org
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

04-10-2005, 11:01 AM   #1
vishamr2000
Member
 
Registered: Aug 2004
Posts: 210

Rep: Reputation: 31
load balanced iptables firewall


Hi to all,

Does anyone have an idea as to how we can build a load balanced iptables firewall?

2 multi-homed PCs (3 NICs each) are connected by a cross cable. The traffic arrives on one of the PCs through one interface and has to be distributed over the 2 PCs equally and processed by the firewall.

How can we do this?

Please help if you know.

Regards,
Visham
 
04-11-2005, 03:54 AM   #2
born4linux
Senior Member
 
Registered: Sep 2002
Location: Philippines
Distribution: Slackware, RHEL&variants, AIX, SuSE
Posts: 1,127

Rep: Reputation: 49
www.lartc.org
 
04-11-2005, 07:19 AM   #3
vishamr2000
Member
 
Registered: Aug 2004
Posts: 210

Original Poster
Rep: Reputation: 31
load balanced firewall

Hi,

Many thanks for the reply.

I already checked that document, but there is nothing concrete about load-balanced iptables firewalls in it.

If you come across anything new, let me know.

Regards,
Visham
 
06-25-2005, 08:13 AM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 376
a simple (but not as effective as bandwidth limiting) thing you could do is use the netfilter random match module, and set it to match SYN packets with a 50% probability in the FORWARD chain... this way half of the connections would get started on one of the PCs, and the other half of the connections would get started on the other PC (in an alternating fashion)...

http://www.netfilter.org/patch-o-mat...om-base-random


here's the LQ article where i read about that:
Quote:
The random match module matches packets based on nothing more than a random choice. You can tune the logic by setting the probability that a packet is matched anywhere between 0% and 100% of the time. Example applications include simulating a faulty connection or server or distributing load across multiple mirrored Web servers. The example below distributes Web traffic among three servers. The first rule sends 33% of the connections to the server at 192.168.0.100. The next 33% is sent to 192.168.0.101 and the last third catches the remainder and passes them to 192.168.0.102:
Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp \
   --dport 80 --syn -m random --average 33 \
   -j DNAT --to-destination 192.168.0.100:80
iptables -t nat -A PREROUTING -i eth0 -p tcp \
   --dport 80 --syn -m random --average 50 \
   -j DNAT --to-destination 192.168.0.101:80
iptables -t nat -A PREROUTING -i eth0 -p tcp \
   --dport 80 --syn -j DNAT \
   --to-destination 192.168.0.102:80
http://www.linuxjournal.com/node/7180/
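
The arithmetic behind the quoted rules (why the second rule uses 50 and not 33), as an added example that is not part of the thread or the quoted article: it generalizes the three-server case to any number of backends and prints the rules either with the `random` match quoted above or with the `statistic` match shipped with current iptables. The function names are made up for this example, and the script only prints rules, it does not install them.

```shell
#!/bin/sh
# Added example (not from the thread). Addresses, interface and port below
# are the sample values from the quoted article.

# rule_percent N K: match percentage for rule K (1-based) of N backends.
# Rule K only sees connections that rules 1..K-1 did not match, so an even
# split needs 1/(N-K+1) of that remainder, not 1/N.
rule_percent() {
    d=$(( $1 - $2 + 1 ))
    echo $(( (100 + d / 2) / d ))        # rounded to a whole percent
}

# shares PCT...: effective share of all new connections each rule receives
# when rules with these match percentages are evaluated in order.
shares() {
    echo "$@" | awk '{ rem = 1
        for (i = 1; i <= NF; i++) {
            s = rem * $i / 100
            printf "%s%.2f", (i > 1 ? " " : ""), s * 100
            rem -= s
        }
        print "" }'
}

# gen_rules MATCH IFACE PORT BACKEND...: print one DNAT rule per backend.
#   MATCH=random    -> patch-o-matic syntax quoted in the thread
#   MATCH=statistic -> statistic match shipped with current iptables
gen_rules() {
    match=$1; iface=$2; port=$3; shift 3
    n=$#; k=1
    for backend in "$@"; do
        if [ "$k" -eq "$n" ]; then
            sel=""                       # last rule catches the remainder
        elif [ "$match" = statistic ]; then
            p=$(awk -v d="$((n - k + 1))" 'BEGIN { printf "%.4f", 1 / d }')
            sel="-m statistic --mode random --probability $p"
        else
            sel="-m random --average $(rule_percent "$n" "$k")"
        fi
        echo "iptables -t nat -A PREROUTING -i $iface -p tcp --dport $port" \
             "--syn${sel:+ $sel} -j DNAT --to-destination $backend:$port"
        k=$((k + 1))
    done
}

shares 33 50 100    # percentages used in the article
shares 33 33 100    # what "33 on every rule" would give instead
gen_rules statistic eth0 80 192.168.0.100 192.168.0.101 192.168.0.102
```

Review the printed rules before loading them; the split is per new connection, so long-lived or heavy connections can still leave the backends unevenly loaded.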
 
  


All times are GMT -5. The time now is 12:47 AM.
