Hi Everyone,

Its my first time here so please excuse if I make newbie mistakes.

Problem:

I want to be able to send out going traffic using different external IP addresses. I understand the concept of NAT but I have only come across examples where multiple internal ip addresses are mapped onto 1 external IP address. I want to be able to load balance this traffic across more than 1 external address.

Is there anything that can do this?

Many thanks in advance.

Dan

If you had asked the question from the opposite perspective then I would recommend round robin DNS. I'll explain anyway.

If you had two IP addresses and wanted to load balance between them, such as distributing load over two web servers, then you could simply make two DNS entries for the common DNS name. Each DNS record would have one of the IP addresses. The DNS server would alternate between the IP addresses when queried about the common name.

My understanding of your question is that you want to do that from the client side. I don't know about that. Maybe you could try this two record approach using your client /etc/hosts file but I don't know if that would work. I expect that if trying this in the hosts file your client would always match the first record and never use the second record.

Actually, as I understand dwmartini has two ISPs, and he wants to distribute the load from the internal network over the two ISPs (something like 2 64kbps connection = 1 128kbps connection).

This is possible and it's called load balancing. The setup is described at the bottom of this page but I suggest you read everything there, so you will get the full picture: http://lartc.org/howto/lartc.rpdb.multiple-links.html

Thanks people for the replies.

To clarify my situation: (Its a virtual situation as I haven't set this up yet)

The thing I need is multiple IP addresses, I don't mind if they all come from the same ISP, but its the ability to have 10 or more external IP addresses and balance across them from my internal network.

So the scenario is like this. I have a client app sending traffic out to the internet via my router. When the traffic, from my client app, gets to my router it swaps the internal IP address for a random external IP address from a large pool of addresses which my ISP has given me. When the reply comes back from the internet the router maps it back to the internal IP address. I guess it sounds like the reverse of what NAT is normally doing (mapping lots of internal addresses to a single external IP).

Does this sound possible?

As a side question: Do you know how easy it is to get 10 or more addresses from an ISP?

Many thanks in advance.

Any corporation, organization, or individual only needs one Internet address. Why do you want so many? I expect that your ISP would be happy to assign more addresses to you for a fee and if they have any available. But once again even an ISP only needs one public Internet address. Any more is just wasteful.

Back to the original question. If these ten outside addresses are static then you could still use the round robin DNS solution. You could set up your own DNS server to serve these name/address mappings. If you already have your own DNS server then you could put these ten addresses in a new zone on your DNS server. Make up your own common name for the 10 addresses and have your DNS server provide the name/address mapping.

Clear as mud
you want your internal hosts to have private addresses being NATed from a pool of 10 public addresses.

I am not sure how todo this with linux but say on a cisco router
you can have a pool of public addresses that can be dynamicly
assigned to your local private address space.

this is how it could be done with IOS...
Assume the 10.x.x.x to be a public address space and the 192.x.x.x to be your internal netwerk. Assign ip nat inside to your internal interface and outside to the inteface connected to your isp.

This wouldn't be load balancing more like address balancing.

Now I'm going to have to finger out how todo it with linux

hmmm...
same assumtions as my previous post, using iptables on linux, maybe something like the following:

iptables --table nat --append POSTROUTING --source 192.168.1.0/24 --jump SNAT --to-source 10.1.1.1-10.1.1.10

Many thanks again for this information.

The goal I am trying to reach is something along the lines of an anonymizer like service, see diagram on link:

www .anonymizer. com/ enterprise/solutions/ enterprise_chameleon/

The "annoymizing mixing network" box is what i am trying to emulate with a Linux server. I'm not sure if this has been done before in linux hence my vague questions with *wooley* terminology. But this has been a great learning process and I am much more definate on what I want now...

As irpstrcr says :
This wouldn't be load balancing more like address balancing.

Thats exactly what I want, an address balancing router which if scaled up with enough IP addresses would provide an anonymising type service.

If this has been done or is possible I would love to know.

Cheers people

Is it possible... sure anything is possible.

Going by the link you provided, it looks like they are providing basicly
a proxy service. Think about it this way:

Many customers each conected via seperate VPNs to a cluster of proxy servers
the proxy servers all sit behind a firewall/NAT box with, I would
assume, connections to multiple ISPs.

The VPN to the Proxy box would ensure the other customers do not see each
others traffic. The Proxy box would prolly do some mangling of higher
level headers (top of my head email headers / HTTP referer etc..) The
router to the outside would be dynamicly assigning addresses from a pool
provided by the ISPs to the proxy cluster.

End result, each new connection could have a diferent src address and the
only point to know which customer actually owns the traffic would be the
proxy.