* [bug?] SNAT+DNAT with multiple range
@ 2002-09-13 9:12 Eric Leblond
From: Eric Leblond @ 2002-09-13 9:12 UTC
To: netfilter-devel
Hi,
We found something looking like a bug at our company when setting up a
load-balancer using DNAT and SNAT.
                                 server (192.168.0.1)
PC1------------------- RTRS ----|
                                 server (192.168.0.4)
192.168.0.0/24         192.168.0.20
That's standard but all machines are in the same network.
We use:
Chain PREROUTING (policy ACCEPT 2198 packets, 345K bytes)
pkts bytes target prot opt in out source destination
19 1140 DNAT tcp -- * * 0.0.0.0/0 192.168.0.20 tcp spts:1024:65535 dpt:3389 to:192.168.0.1 192.168.0.4
Chain POSTROUTING (policy ACCEPT 2033 packets, 134K bytes)
pkts bytes target prot opt in out source destination
56 3360 SNAT tcp -- * * 0.0.0.0/0 192.168.0.1 tcp spts:1024:65535 dpt:3389 to:192.168.0.2
20 1200 SNAT tcp -- * * 0.0.0.0/0 192.168.0.4 tcp spts:1024:65535 dpt:3389 to:192.168.0.2
The problem is that, in that case, we don't do load balancing; the first
IP 192.168.0.1 is always taken.
If we omit the second SNAT rule, the load balancing operates well, but
we've got no reply ...
Best regards,
--
Éric Leblond
email: eleblond@init-sys.com