From: Jason Opperisano
Subject: Re: round-robin aliases
Date: Fri, 17 Sep 2004 14:20:45 -0400
Message-ID: <1095445245.1886.48.camel@wolfpack.ljm.dom>
References: <20040917175729.GF2579@dearing.us>
In-Reply-To: <20040917175729.GF2579@dearing.us>
To: netfilter@lists.netfilter.org

On Fri, 2004-09-17 at 13:57, Ryan D wrote:
> I've been trying to find a way to do this... I have eth0 on the
> 192.168.2.0/24 network (eth0 has ip 192.168.2.10). I also have 5 aliases
> on the same network with these ips:
>
> eth0:1 192.168.2.11
> eth0:2 192.168.2.12
> eth0:3 192.168.2.13
> eth0:4 192.168.2.14
>
>
> I'd like to round-robin the source ip on a per connection basis, meaning,
> if I ssh to 192.168.2.100 it may come from eth0:1, if I then ssh to
> 192.168.2.110 it will come from eth0:2, etc. So the destination ssh
> machines will see different source IPs.
>
> Is this possible with netfilter/iproute2? The only potential problem I
> see is with the arp table, but I also don't understand this stuff as well
> as I would like.
>
> -Ryan

This is the default behavior of the SNAT code:

  iptables -t nat -A POSTROUTING -o eth0 \
    -j SNAT --to-source 192.168.2.11-192.168.2.14

Layer 2 devices don't have problems with many IPs being associated with
the same MAC address--they don't particularly like the same MAC address
being associated with multiple ports.

-j

--
Jason Opperisano
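Added example, not part of the original message: one way to check which source addresses a SNAT range like the one above actually hands out, by tallying the reply-direction destination of each connection-tracking entry. The entries are constructed in `conntrack -L` layout, and the function names and the out-of-pool .99 address are assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

# Constructed entries in `conntrack -L` layout; not captured from a real host.
SAMPLE = """\
tcp 6 431990 ESTABLISHED src=192.168.2.10 dst=192.168.2.100 sport=40001 dport=22 src=192.168.2.100 dst=192.168.2.11 sport=22 dport=40001 [ASSURED] use=1
tcp 6 431991 ESTABLISHED src=192.168.2.10 dst=192.168.2.110 sport=40002 dport=22 src=192.168.2.110 dst=192.168.2.12 sport=22 dport=40002 [ASSURED] use=1
tcp 6 431992 ESTABLISHED src=192.168.2.10 dst=192.168.2.120 sport=40003 dport=22 src=192.168.2.120 dst=192.168.2.13 sport=22 dport=40003 [ASSURED] use=1
tcp 6 431993 ESTABLISHED src=192.168.2.10 dst=192.168.2.100 sport=40004 dport=22 src=192.168.2.100 dst=192.168.2.14 sport=22 dport=40004 [ASSURED] use=1
tcp 6 431994 ESTABLISHED src=192.168.2.10 dst=192.168.2.130 sport=40005 dport=22 src=192.168.2.130 dst=192.168.2.11 sport=22 dport=40005 [ASSURED] use=1
tcp 6 431995 ESTABLISHED src=192.168.2.50 dst=192.168.2.10 sport=51000 dport=22 src=192.168.2.10 dst=192.168.2.50 sport=22 dport=51000 [ASSURED] use=1
udp 17 25 src=192.168.2.10 dst=192.168.2.1 sport=40100 dport=53 [UNREPLIED] src=192.168.2.1 dst=192.168.2.99 sport=53 dport=40100 use=1
"""


def tuples(line):
    """Split one entry into its original and reply address tuples."""
    orig, reply = {}, {}
    for tok in line.split():
        key, sep, val = tok.partition("=")
        if sep and key in ("src", "dst"):
            # The first src=/dst= pair is the original direction,
            # the second pair is the expected reply.
            (reply if key in orig else orig)[key] = val
    return orig, reply


def snat_tally(text, first, last):
    """Count translated source addresses; list those outside first..last."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    used, outside = Counter(), []
    for line in text.splitlines():
        orig, reply = tuples(line)
        # With source NAT the reply is addressed to the translated source,
        # so reply dst differs from the original src.
        if "dst" not in reply or reply["dst"] == orig.get("src"):
            continue  # incomplete entry, or source was not rewritten
        used[reply["dst"]] += 1
        if not lo <= ipaddress.ip_address(reply["dst"]) <= hi:
            outside.append(reply["dst"])
    return used, outside


if __name__ == "__main__":
    used, outside = snat_tally(SAMPLE, "192.168.2.11", "192.168.2.14")
    for addr, count in sorted(used.items()):
        print(f"{addr:15} {count}")
    print("outside pool:", outside)
```

On a live host the same function can be fed the text output of `conntrack -L` in place of SAMPLE.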