From mboxrd@z Thu Jan 1 00:00:00 1970
From: Paweł Staszewski
Subject: Re: Rounf-Robin NAT
Date: Tue, 16 Mar 2004 14:13:25 -0500
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <1079464404.7056.9.camel@localhost>
References: <1079438239.2012.1.camel@localhost>
In-Reply-To: <1079438239.2012.1.camel@localhost>
To: "John A. Sullivan III", netfilter@lists.netfilter.org

On Tue, 2004-03-16 at 06:57, John A. Sullivan III wrote:
> On Tue, 2004-03-16 at 06:15, AFShin wrote:
> > Dear Friends,
> > Can iptables do the real Round-Robin SNAT --to?
> > Is there any patch or it is available?
> > Thank you all in advance,
> > AFShin A.
> I do not know the actual code but somewhere in the back of my mind I
> recall something about iptables using a rudimentary load balancing
> algorithm, i.e., rather than strict round robin, it distributes the next
> NAT to the least used address. Can anyone confirm that?
> - John

Hello

Try this...

iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -m nth --counter 4 --every 4 --packet 0 -j SNAT --to xxx.xxx.xxx.xx1
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -m nth --counter 4 --every 4 --packet 1 -j SNAT --to xxx.xxx.xxx.xx2
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -m nth --counter 4 --every 4 --packet 2 -j SNAT --to xxx.xxx.xxx.xx3
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -m nth --counter 4 --every 4 --packet 3 -j SNAT --to xxx.xxx.xxx.xx4

That is good round-robin NAT, but some services may not work (like HTTPS, or others where there is a "smart" firewall (anti-spoof)).
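
An added example, not part of the original message: a simplified Python model of the four nth rules above, showing why the caveat about HTTPS and anti-spoof checks arises (one internal host's successive connections leave from different public addresses) and what happens when one --packet rule is missing. The counter semantics (one shared counter that advances only on a match, nat table consulted once per new connection) and the 192.0.2.x and 10.x sample addresses are assumptions of this model.

```python
# Simplified model (an assumption, not kernel code) of the nth rules above.
from collections import defaultdict

def make_rules(addrs, skip=()):
    """One (packet_index, public_addr) rule per address, like --every N --packet i."""
    return [(i, a) for i, a in enumerate(addrs) if i not in skip]

def snat_connections(clients, rules, every):
    """Return [(client, public_addr or None)] for each NEW connection, in order.

    Assumed semantics: the nat table sees only the first packet of a
    connection, and the shared counter advances only when a rule matches.
    """
    counter = 0
    out = []
    for client in clients:
        chosen = None
        for packet, addr in rules:           # rules are walked top to bottom
            if packet == counter:
                counter = (counter + 1) % every
                chosen = addr
                break                         # SNAT ends rule traversal
        out.append((client, chosen))          # None: no rule matched, no SNAT
    return out

def addrs_per_client(assignments):
    """Set of public addresses each internal client was seen from."""
    seen = defaultdict(set)
    for client, addr in assignments:
        seen[client].add(addr)
    return dict(seen)

# Constructed sample: documentation addresses stand in for xxx.xxx.xxx.xx1-4.
PUBLIC = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"]
# One host (10.0.0.5) opens three connections, interleaved with other hosts.
CLIENTS = ["10.0.0.5", "10.0.0.9", "10.0.0.5", "10.1.2.3", "10.0.0.5", "10.0.0.9"]

if __name__ == "__main__":
    full = snat_connections(CLIENTS, make_rules(PUBLIC), every=4)
    for client, addr in full:
        print(f"{client:>9} -> {addr}")
    # 10.0.0.5 appears behind more than one public address within one session.
    print(addrs_per_client(full))
    # Failure mode: the rule for --packet 2 is missing, so the counter stalls.
    print(snat_connections(CLIENTS, make_rules(PUBLIC, skip={2}), every=4))
```

A remote service that ties a session to the client's source address sees 10.0.0.5 arrive from two different public addresses, which is the breakage the reply warns about.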