ddaas 10-01-2007 05:01 AM

Load Balancing using iptables
Hi there,
I have 2 Internet connections and I want to implement the following on my Linux router/firewall. It has 3 interfaces (1xlan & 2xwan)

1. Load balancing some sort of traffic (ex http)
Web traffic coming from the lan should be balanced in a round-robin fashion across the wan connections (per-destination load balancing).

2. Some sort of traffic should always use one of the two connections.
Ex: icmp and tcp/ssh should always use wan1 and tcp/smtp,pop,imap should always use wan2.

I thought of something like this:


iptables -t nat -A POSTROUTING -o eth1 -p tcp --dport 22 -s -j SNAT --to-source 190.17.0.x
iptables -t nat -A POSTROUTING -o eth1 -p icmp  -s -j SNAT --to-source 192.17.0.x

iptables -t nat -A POSTROUTING -o eth0 -p tcp  -m multiport --dports 25,110,143 -s -j SNAT --to-source 89.0.x.x

echo "1" > /proc/sys/net/ipv4/ip_forward

What confuses me is that SNAT is done in POSTROUTING, which means after the routing process. How could I make the decision on what interface to send the packets based on protocol/ip/etc. after the routing decision? Routing decision means choosing the outgoing interface based on some criteria (ex ip dest), right?

Please, help me understand this issue.

Many thanks
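
The ordering asked about above, as an added example that is not part of the original post: the uplink is chosen before the routing decision by marking packets in mangle/PREROUTING and selecting a routing table with `ip rule ... fwmark`, while NAT in POSTROUTING only rewrites the source address for whichever interface routing picked. The LAN interface name, gateway addresses, table numbers, the use of MASQUERADE in place of the post's SNAT addresses, and per-connection (rather than per-destination) HTTP alternation are assumptions.

```shell
#!/bin/sh
# Added example: policy routing by firewall mark (not from the original post).
# Prints the commands by default; run with APPLY=1 as root to execute them.
# Assumed values: LAN interface, gateway addresses, routing table numbers.
LAN_IF=eth2
WAN1_IF=eth1; WAN1_GW=192.0.2.1      # constructed documentation address
WAN2_IF=eth0; WAN2_GW=198.51.100.1   # constructed documentation address

run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

policy_routing() {
    # One routing table per uplink, selected by the packet's firewall mark.
    run ip route add default via "$WAN1_GW" dev "$WAN1_IF" table 101
    run ip route add default via "$WAN2_GW" dev "$WAN2_IF" table 102
    run ip rule add fwmark 1 table 101
    run ip rule add fwmark 2 table 102

    # mangle/PREROUTING is traversed BEFORE the routing decision.
    # Packets of a known connection get their saved mark back and skip the rest.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --restore-mark
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -m mark ! --mark 0 -j ACCEPT
    # Fixed assignments: icmp and ssh via wan1, mail protocols via wan2.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p icmp -j MARK --set-mark 1
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 22 -j MARK --set-mark 1
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp -m multiport --dports 25,110,143 -j MARK --set-mark 2
    # HTTP: every second new connection goes to wan1, the remainder to wan2.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -m statistic --mode nth --every 2 --packet 0 -j MARK --set-mark 1
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -m mark --mark 0 -j MARK --set-mark 2
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --save-mark

    # nat/POSTROUTING runs AFTER routing: it only fixes up the source address.
    run iptables -t nat -A POSTROUTING -o "$WAN1_IF" -j MASQUERADE
    run iptables -t nat -A POSTROUTING -o "$WAN2_IF" -j MASQUERADE
}

policy_routing
```

With strict reverse-path filtering (`rp_filter=1`), replies arriving on the uplink that is not the main table's default route may be dropped, so check that setting on both WAN interfaces.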

