Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


Old 09-25-2006, 01:27 PM   #1
Registered: Jan 2003
Location: Antarctica
Distribution: *watches the penguins pass by*
Posts: 56

Rep: Reputation: 15
IPTables snat help

I have set up a computer that uses multiple virtual interfaces with a total of about 10 IPs.

I have set up iptables with SNAT, so that each request coming from the computer is balanced across the pool of these 10 IPs.

For more information on why, I won't reiterate, see here: works, as long as the requests don't originate from the computer on which the virtual interfaces are (server1). If I set another computer (server2) to use it (server1) as its (server2) gateway, it works just fine. Though, the round-robin load balancing seems a bit wonky, as it does a balance. Meaning that packets have a source address of the first address in the pool for the first three packets, THEN it's more round robin.

I'm using the command:
iptables -t nat -p all -A POSTROUTING -s -j SNAT --to-source
The second problem I have is that I cannot get it to round-robin the source address for packets originating on the same machine, only for machines that use it (server1) as their gateway. I've been told I need to do some packet marking using iptables, so that the server1-originating packets are processed by iptables, but I'm not sure where to begin.

Any help at all will be much appreciated.

Old 10-01-2006, 11:49 AM   #2
Senior Member
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 78
Well, when using round-robin, I believe the kernel will remember and use the same IP for connections from the same host (though I may be thinking of OpenBSD's pf). This may explain why it is not a true round-robin.

As for your second question, I have not used it and am unsure of its intended uses but here are some docs:
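
Added example, not part of either post above: one way to get a strict per-connection rotation over a source pool is a chain of SNAT rules gated by the iptables `statistic` match in `nth` mode, which is a different technique from the single `--to-source` rule in the first post. The interface name `eth0` and the pool addresses are assumptions; the rules match on the outgoing interface rather than on `-s`, so connections opened on the NAT box itself, which also pass through nat POSTROUTING, are covered as well as forwarded ones.

```shell
#!/bin/sh
# Added example. POOL is constructed from the 192.0.2.0/24 documentation
# range and eth0 is an assumed interface; neither comes from the thread.
POOL="192.0.2.11 192.0.2.12 192.0.2.13"

# Print (never execute) one SNAT rule per pool address.
# The nat table is consulted only for the first packet of a connection, so
# the nth counter counts new connections. Each rule only sees connections
# the earlier rules passed over, so it takes 1 in every <rules remaining>.
snat_rr_rules() {   # usage: snat_rr_rules <out-interface> <ip>...
    [ $# -ge 2 ] || { echo "usage: snat_rr_rules <out-if> <ip>..." >&2; return 1; }
    out_if=$1; shift
    for ip in "$@"; do          # reject anything that is not digits and dots
        case $ip in
            *[!0-9.]*) echo "not an IPv4 address: $ip" >&2; return 1 ;;
        esac
    done
    left=$#
    for ip in "$@"; do
        if [ "$left" -gt 1 ]; then
            echo "iptables -t nat -A POSTROUTING -o $out_if -m statistic --mode nth --every $left --packet 0 -j SNAT --to-source $ip"
        else                    # last rule: unconditional catch-all
            echo "iptables -t nat -A POSTROUTING -o $out_if -j SNAT --to-source $ip"
        fi
        left=$((left - 1))
    done
}

# Model of that chain (an approximation, not kernel code): a rule with
# "--every k --packet 0" matches the 1st, (k+1)th, (2k+1)th ... connection
# that reaches it. Prints the address chosen for <count> new connections.
simulate() {        # usage: simulate <count> <ip>...
    count=$1; shift
    i=1; for ip in "$@"; do eval "seen_$i=0"; i=$((i + 1)); done
    c=0
    while [ "$c" -lt "$count" ]; do
        i=1; left=$#
        for ip in "$@"; do
            eval "s=\$seen_$i"; eval "seen_$i=$((s + 1))"
            if [ $((s % left)) -eq 0 ]; then echo "$ip"; break; fi
            i=$((i + 1)); left=$((left - 1))
        done
        c=$((c + 1))
    done
}

snat_rr_rules eth0 $POOL
```

Using the same `--every` value on every rule would skew the split, because later rules only count the connections that earlier rules did not take.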

