From: Joel Newkirk <netfilter@newkirk.us>
To: Ian Douglas <ian@icreditvision.com>, netfilter@lists.netfilter.org
Subject: Re: using iptables for poor-man's load balancing?
Date: Wed, 19 Feb 2003 19:12:06 -0500 [thread overview]
Message-ID: <200302191912.06748.netfilter@newkirk.us> (raw)
In-Reply-To: <HMEBKOCKLOOEJGIOMFAPAEJNFJAA.ian@icreditvision.com>
On Wednesday 19 February 2003 06:17 pm, Ian Douglas wrote:
> > Say for argument's sake that our public IP is 1.2.3.4 and our
> > internal LAN machines are:
> > 192.168.1.1
> > 192.168.1.12
>
> (cut two of them out since they're not actually ready to run yet)
>
> > Just curious if the following rules would work to round-robin the
> > connections:
> >
> > /sbin/iptables -t nat -A PREROUTING -p udp -d 1.2.3.4 --dport 80 -j
> > DNAT \ --to-destination 192.168.1.1:80 \
> > --to-destination 192.168.1.12:80
AFAIK, you can only DNAT to a contiguous range of IPs from a single rule,
and the rule construction you have here will ignore 'excess'
destinations. If you have (or can arrange) your internal machines to
have sequential IPs, then try something like this (which is
"by-the-book"):
/sbin/iptables -t nat -A PREROUTING -p TCP -d 1.2.3.4 --dport 80 \
-j DNAT --to 192.168.1.1-192.168.1.5
The port number is only needed after the new IP if you are redirecting to
a different port than the original destination, and "--to" is an
acceptable substitute for both "--to-source" and "--to-destination".
j
next prev parent reply other threads:[~2003-02-20 0:12 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-02-18 21:53 using iptables for poor-man's load balancing? Ian Douglas
2003-02-18 22:02 ` Ian Douglas
2003-02-19 23:17 ` Ian Douglas
2003-02-20 0:12 ` Joel Newkirk [this message]
2003-02-20 0:30 ` Joel Newkirk
2003-02-20 0:55 ` Ian Douglas
2003-02-20 4:24 ` Joel Newkirk
2003-02-21 8:48 ` Fabrice MARIE
-- strict thread matches above, loose matches on Subject: below --
2003-02-18 22:10 Andrej Ricnik
2003-02-19 18:47 ` Ian Douglas
[not found] <20030219232644.14732.18331.Mailman@kashyyyk>
2003-02-20 3:00 ` mpboden
2003-02-20 3:39 ` SBlaze
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200302191912.06748.netfilter@newkirk.us \
--to=netfilter@newkirk.us \
--cc=ian@icreditvision.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.