Old 04-10-2005, 10:01 AM   #1
Registered: Aug 2004
Posts: 210

load balanced iptables firewall

Hi to all,

Does anyone have an idea as to how we can build a load balanced iptables firewall?

2 multi-homed PCs (3 NICs each) are connected by a cross cable. The traffic arrives on one of the PCs through one interface and has to be distributed over the 2 PCs equally and processed by the firewall.

How can we do this?

Please help if you know.

Old 04-11-2005, 02:54 AM   #2
Senior Member
Registered: Sep 2002
Location: Philippines
Distribution: Slackware, RHEL&variants, AIX, SuSE
Posts: 1,127

Old 04-11-2005, 06:19 AM   #3
Registered: Aug 2004
Posts: 210

Original Poster
load balanced firewall


Many thanks for the reply.

I already checked that document but nothing concrete about load-balanced iptables firewalls in it.

If you come across anything new, let me know.

Old 06-25-2005, 07:13 AM   #4
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

a simple (but not as effective as bandwidth limiting) thing you could do is use the netfilter random match module, and set it to match SYN packets with a 50% probability in the FORWARD chain... this way half of the connections would get started on one of the PCs, and the other half of the connections would get started on the other PC (in an alternating fashion)...

here's the LQ article where i read about that:
The random match module matches packets based on nothing more than a random choice. You can tune the logic by setting the probability that a packet is matched anywhere between 0% and 100% of the time. Example applications include simulating a faulty connection or server or distributing load across multiple mirrored Web servers. The example below distributes Web traffic among three servers. The first rule sends 33% of the connections to the server at The next 33% is sent to and the last third catches the remainder and passes them to
iptables -t nat -A PREROUTING -i eth0 -p tcp \
   --dport 80 --syn -m random --average 33 \
   -j DNAT --to-destination
iptables -t nat -A PREROUTING -i eth0 -p tcp \
   --dport 80 --syn -m random --average 50 \
   -j DNAT --to-destination
iptables -t nat -A PREROUTING -i eth0 -p tcp \
   --dport 80 --syn -j DNAT \
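
The percentages in the quoted rules (33, then 50, then no random match) follow from each rule seeing only the connections the earlier rules did not match. The script below is an added example, not part of the thread or the quoted article, that generalizes this to any number of backends and prints the rules instead of applying them. The function names and the 192.0.2.x backend addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (not apply) the DNAT cascade for N equal-share backends.
# Rule k is only reached by connections that rules 1..k-1 did not match, so
# its match percentage must be 100/(backends still remaining), not 100/N.

# cascade_pct TOTAL INDEX -> integer percent for the INDEX-th rule (1-based)
cascade_pct() {
    total=$1; index=$2
    remaining=$((total - index + 1))
    # --average takes a whole percent, so the result is truncated (100/3 -> 33).
    echo $((100 / remaining))
}

# gen_rules IFACE PORT BACKEND... -> one iptables command per backend
gen_rules() {
    iface=$1; port=$2; shift 2
    total=$#; index=1
    for backend in "$@"; do
        base="iptables -t nat -A PREROUTING -i $iface -p tcp --dport $port --syn"
        if [ "$index" -lt "$total" ]; then
            # cascade_pct runs in a subshell, so it cannot clobber our variables.
            pct=$(cascade_pct "$total" "$index")
            echo "$base -m random --average $pct -j DNAT --to-destination $backend"
        else
            # Last rule has no random match: it catches everything left over.
            echo "$base -j DNAT --to-destination $backend"
        fi
        index=$((index + 1))
    done
}

# Constructed sample backends (RFC 5737 documentation addresses, not from the thread).
gen_rules eth0 80 192.0.2.11 192.0.2.12 192.0.2.13
```

Because the nat table is consulted only for the first packet of a connection, the random choice is made once per connection and the rest of the flow follows the same DNAT mapping. On current iptables releases the `random` match has been replaced by `-m statistic --mode random --probability P`, with P given as a fraction such as 0.5.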

