Rounf-Robin NAT

Rounf-Robin NAT

[AFShin]

Dear Friends,
Can iptables do the real Round-Robin SNAT --to ?
Is there any patch or it is available ?
Thank you all in advance,
AFShin A.

Re: Rounf-Robin NAT

[John A. Sullivan III]

On Tue, 2004-03-16 at 06:15, AFShin wrote:
> Dear Friends,
> Can iptables do the real Round-Robin SNAT --to ?
> Is there any patch or it is available ?
> Thank you all in advance,
> AFShin A.
I do not know the actual code but somewhere in the back of my mind I
recall something about iptables using a rudimentary load balancing
algorithm, i.e., rather than strict round robin, it distributes the next
NAT to the least used address.  Can anyone confirm that? - John
-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net 

Re: Rounf-Robin NAT

[Fabiano Reis]

Arrived a question after seeing this email...

What are the advantages of using this tipe of balance against DNS
RoundRobin?


----- Original Message ----- 
From: "Pawe³ Staszewski" <pstaszewski@artcom.pl>
To: "John A. Sullivan III" <john.sullivan@nexusmgmt.com>;
<netfilter@lists.netfilter.org>
Sent: Tuesday, March 16, 2004 4:13 PM
Subject: Re: Rounf-Robin NAT


> On Tue, 2004-03-16 at 06:57, John A. Sullivan III wrote:
> > On Tue, 2004-03-16 at 06:15, AFShin wrote:
> > > Dear Friends,
> > > Can iptables do the real Round-Robin SNAT --to ?
> > > Is there any patch or it is available ?
> > > Thank you all in advance,
> > > AFShin A.
> > I do not know the actual code but somewhere in the back of my mind I
> > recall something about iptables using a rudimentary load balancing
> > algorithm, i.e., rather than strict round robin, it distributes the next
> > NAT to the least used address.  Can anyone confirm that? - John
>
> Hello
> Try this...
> iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -m nth --counter 4 --every
> 4 --packet 0 -j SNAT --to xxx.xxx.xxx.xx1
> iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -m nth --counter 4 --every
> 4 --packet 1 -j SNAT --to xxx.xxx.xxx.xx2
> iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -m nth --counter 4 --every
> 4 --packet 2 -j SNAT --to xxx.xxx.xxx.xx3
> iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -m nth --counter 4 --every
> 4 --packet 3 -j SNAT --to xxx.xxx.xxx.xx4
>
> that is good round-robin nat, but some services may not work (like https
> or other where is "smart" firewall (anti spoof))
>
>
>
>

Re: Rounf-Robin NAT

[Gaël Le Mignot]

Hello Fabiano!

Tue, 16 Mar 2004 10:23:58 -0300, you wrote: 

 > Arrived a question after seeing this email...
 > What are the advantages of using this tipe of balance against DNS
 > RoundRobin?

Well,  this can  be  usefull if  you  only have  one  (or few)  public
IPs. IPv4 are becoming rare  and expensives. And IPv6 isn't widespread
right now.

-- 
Gael Le Mignot "Kilobug" - kilobug@nerim.net - http://kilobug.free.fr
GSM         : 06.71.47.18.22 (in France)   ICQ UIN   : 7299959
Fingerprint : 1F2C 9804 7505 79DF 95E6 7323 B66B F67B 7103 C5DA

Member of HurdFr: http://hurdfr.org - The GNU Hurd: http://hurd.gnu.org

Re: Rounf-Robin NAT

[Paweł Staszewski]

On Tue, 2004-03-16 at 06:57, John A. Sullivan III wrote:
> On Tue, 2004-03-16 at 06:15, AFShin wrote:
> > Dear Friends,
> > Can iptables do the real Round-Robin SNAT --to ?
> > Is there any patch or it is available ?
> > Thank you all in advance,
> > AFShin A.
> I do not know the actual code but somewhere in the back of my mind I
> recall something about iptables using a rudimentary load balancing
> algorithm, i.e., rather than strict round robin, it distributes the next
> NAT to the least used address.  Can anyone confirm that? - John

Hello
Try this...
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -m nth --counter 4 --every
4 --packet 0 -j SNAT --to xxx.xxx.xxx.xx1
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -m nth --counter 4 --every
4 --packet 1 -j SNAT --to xxx.xxx.xxx.xx2
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -m nth --counter 4 --every
4 --packet 2 -j SNAT --to xxx.xxx.xxx.xx3
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -m nth --counter 4 --every
4 --packet 3 -j SNAT --to xxx.xxx.xxx.xx4

that is good round-robin nat, but some services may not work (like https
or other where is "smart" firewall (anti spoof))