Monday, January 21, 2013

iptables tricks


After last week's post, one more "trick": today I saw a question about how to distribute outgoing connections between several IP addresses attached to the same interface. Suppose that you have 3 VIPs on eth0 and would like to round-robin outgoing connections across those IPs. This does not work with regular iproute2 commands, and tricks with fwmarks, ip rule and ip route do not work either.

The only way I've found to do it is SNAT combined with the statistic match, which gives a real round-robin balance. The nat table is consulted only for the first packet of each connection, so the rules below count new connections, not packets: the first rule takes every third connection, the second takes every second of those left over, and the last takes the rest.




Rule 1 takes every 3rd new connection leaving eth0 (1/3 of them); -o eth0 keeps the SNAT off other interfaces:
# iptables -t nat -A POSTROUTING -o eth0 -m statistic --mode nth --every 3 -j SNAT --to 192.168.254.21

Rule 2 sees the remaining 2/3 and takes every 2nd of those (another 1/3):
# iptables -t nat -A POSTROUTING -o eth0 -m statistic --mode nth --every 2 -j SNAT --to 192.168.254.22

Rule 3 takes whatever is left (the last 1/3); --every 1 matches every packet that reaches it:
# iptables -t nat -A POSTROUTING -o eth0 -m statistic --mode nth --every 1 -j SNAT --to 192.168.254.23

....
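As an added example (not code from the original post), here is a small POSIX shell script that generalises the three rules above to any number of VIPs and simulates the nth counters, so the resulting split can be checked offline without touching the firewall. The interface name (eth0) and the VIP addresses it uses are assumptions for the demo.

```shell
# Added example, not from the original post: generate the chained
# "-m statistic --mode nth" SNAT rules for any number of VIPs and simulate
# the nth counters to show that the shares come out equal.
# The interface name (eth0) and the VIP addresses below are assumptions.

# Print the iptables commands for the VIPs given as arguments (N of them).
# The k-th rule (1-based) uses --every (N-k+1): rule 1 takes 1/N of the new
# connections, rule 2 takes 1/(N-1) of what is left, ..., the last rule
# (--every 1) takes everything that remains.
snat_rules() {
    iface=$1
    shift
    n=$#
    i=0
    for vip in "$@"; do
        every=$((n - i))
        printf 'iptables -t nat -A POSTROUTING -o %s -m statistic --mode nth --every %d --packet 0 -j SNAT --to-source %s\n' \
            "$iface" "$every" "$vip"
        i=$((i + 1))
    done
}

# Simulate the nth counters for $1 new connections. The nat table only sees
# the first packet of each connection, so packets == connections here.
# Every rule keeps its own counter, incremented by each connection that
# reaches it, and matches when counter % every == 0 (the --packet 0 default).
# Prints one line like "vip1=3 vip2=3 vip3=3".
simulate() {
    conns=$1
    shift
    n=$#
    k=0
    while [ "$k" -lt "$n" ]; do
        eval "ctr_$k=0; hit_$k=0"
        k=$((k + 1))
    done
    c=0
    while [ "$c" -lt "$conns" ]; do
        k=0
        while [ "$k" -lt "$n" ]; do
            every=$((n - k))
            eval "ctr=\$ctr_$k"
            eval "ctr_$k=$((ctr + 1))"
            if [ $((ctr % every)) -eq 0 ]; then
                # this rule matched: count the hit and stop at the SNAT target
                eval "hit=\$hit_$k"
                eval "hit_$k=$((hit + 1))"
                break
            fi
            k=$((k + 1))
        done
        c=$((c + 1))
    done
    out=""
    k=0
    for vip in "$@"; do
        eval "hit=\$hit_$k"
        out="$out${out:+ }$vip=$hit"
        k=$((k + 1))
    done
    printf '%s\n' "$out"
}

# Usage: the three VIPs from the post, then a check of the split over 9 connections.
snat_rules eth0 192.168.254.21 192.168.254.22 192.168.254.23
simulate 9 192.168.254.21 192.168.254.22 192.168.254.23
# prints 192.168.254.21=3 192.168.254.22=3 192.168.254.23=3
```

Two things the simulation makes visible: the counters are per rule, so the chain has to be appended in the order --every N, N-1, ..., 1, and inserting another rule in the middle changes every VIP's share. And there is no stickiness: consecutive connections from the same host to the same peer will leave from different source addresses, which matters for peers or protocols that expect a stable source IP (IP-based allowlists, for example).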
