[bug?] SNAT+DNAT with multiple range

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Eric Leblond <eleblond@init-sys.com>
To: netfilter-devel@lists.netfilter.org
Subject: [bug?] SNAT+DNAT with multiple range
Date: 13 Sep 2002 11:12:38 +0200	[thread overview]
Message-ID: <1031908363.12207.35.camel@tech004> (raw)

[-- Attachment #1: Type: text/plain, Size: 1310 bytes --]

Hi,

We found something looking like a bug at our compagny when setting up a
load-balancer using DNAT and SNAT.

	    			server (192.168.0.1)	
PC1------------------- RTRS ----|
	    			server (192.168.0.4)
192.168.0.0/24       192.168.0.20

That's standard but all machines are in the same network.

We use :

Chain PREROUTING (policy ACCEPT 2198 packets, 345K bytes)
 pkts bytes target     prot opt in     out     source               destination         
   19  1140 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.0.20       tcp spts:1024:65535 dpt:3389 to:192.168.0.1 192.168.0.4 

Chain POSTROUTING (policy ACCEPT 2033 packets, 134K bytes)
 pkts bytes target     prot opt in     out     source               destination         
   56  3360 SNAT       tcp  --  *      *       0.0.0.0/0            192.168.0.1        tcp spts:1024:65535 dpt:3389 to:192.168.0.2 
   20  1200 SNAT       tcp  --  *      *       0.0.0.0/0            192.168.0.4        tcp spts:1024:65535 dpt:3389 to:192.168.0.2 

the problem is that, in that case we don't do load balancing, the first
IP 192.168.0.1 is always taken.
If we omit the second SNAT rule, the load balancing operates well, but
we've got no reply ...

Best regards,
-- 
Éric Leblond
courriel : eleblond@init-sys.com

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

                 reply	other threads:[~2002-09-13  9:12 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1031908363.12207.35.camel@tech004 \
    --to=eleblond@init-sys.com \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.