From mboxrd@z Thu Jan 1 00:00:00 1970 From: Sander Sneekes Subject: load balancing Date: 03 Feb 2003 14:49:53 +0100 Sender: netfilter-admin@lists.netfilter.org Message-ID: <1044280193.16953.15.camel@sander> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="=-2e6+zpWr2fUM/mtyhMSJ" Return-path: Errors-To: netfilter-admin@lists.netfilter.org List-Help: List-Post: List-Subscribe: , List-Id: List-Unsubscribe: , List-Archive: To: Netfilter Mailing List --=-2e6+zpWr2fUM/mtyhMSJ Content-Type: text/plain Content-Transfer-Encoding: 7bit Hi all, I need to load balance between 2 webserver what is the most fastest way of doing this? With iptables? if yes wich line's do i need to use i have a RH 7.2 with iptables running already doing al network traffic cheers Sander --=-2e6+zpWr2fUM/mtyhMSJ Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit Hi all,

I need to load balance between 2 webserver
what is the most fastest way of doing this?
With iptables? if yes wich line's do i need to use
i have a RH 7.2 with iptables running already doing
al network traffic

cheers
Sander --=-2e6+zpWr2fUM/mtyhMSJ-- From mboxrd@z Thu Jan 1 00:00:00 1970 From: Sander Sneekes Subject: Re: load balancing Date: 03 Feb 2003 15:35:10 +0100 Sender: netfilter-admin@lists.netfilter.org Message-ID: <1044282910.16954.25.camel@sander> References: <1044280193.16953.15.camel@sander> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="=-Jtb28g/wA+/byfEXHdBo" Return-path: In-Reply-To: <1044280193.16953.15.camel@sander> Errors-To: netfilter-admin@lists.netfilter.org List-Help: List-Post: List-Subscribe: , List-Id: List-Unsubscribe: , List-Archive: To: Netfilter Mailing List --=-Jtb28g/wA+/byfEXHdBo Content-Type: text/plain Content-Transfer-Encoding: 7bit currently i'm using this line iptable -t nat -A PREROUTING -d X.X.X.X -p tcp --dport http -j DNAT --to-dest 192.168.0.100-192.168.0.111 this this the job but the if i use the same client it always uses 100 for ex. but we need to do some preformance test with 3 client's so everytime a client does a reqeust to the http server i want to get it for a different server. anybody ? thanks Sander On Mon, 2003-02-03 at 14:49, Sander Sneekes wrote: > Hi all, > > I need to load balance between 2 webserver > what is the most fastest way of doing this? > With iptables? if yes wich line's do i need to use > i have a RH 7.2 with iptables running already doing > al network traffic > > cheers > Sander --=-Jtb28g/wA+/byfEXHdBo Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit currently i'm using this line

iptable -t nat -A PREROUTING -d X.X.X.X -p tcp --dport http -j DNAT --to-dest 192.168.0.100-192.168.0.111

this this the job but the if i use the same client it always uses 100 for ex.

but we need to do some preformance test with 3 client's so everytime a client
does a reqeust to the http server i want to get it for a different server.

anybody ?

thanks
Sander

On Mon, 2003-02-03 at 14:49, Sander Sneekes wrote:

Hi all,

I need to load balance between 2 webserver
what is the most fastest way of doing this?
With iptables? if yes wich line's do i need to use
i have a RH 7.2 with iptables running already doing
al network traffic

cheers
Sander

--=-Jtb28g/wA+/byfEXHdBo-- From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Daniel F. Chief Security Engineer -" Subject: Re: load balancing Date: Mon, 3 Feb 2003 10:30:53 -0600 Sender: netfilter-admin@lists.netfilter.org Message-ID: <200302031030.53569.danielf@supportteam.net> References: <1044280193.16953.15.camel@sander> <1044282910.16954.25.camel@sander> Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Return-path: In-Reply-To: <1044282910.16954.25.camel@sander> Errors-To: netfilter-admin@lists.netfilter.org List-Help: List-Post: List-Subscribe: , List-Id: List-Unsubscribe: , List-Archive: Content-Type: text/plain; charset="us-ascii" To: Sander Sneekes , Netfilter Mailing List Im going to be working on one of these later this year it's my understanding that you would want to use the nth patch and the state table and SNAT to accoplish this. >From the nth patch. ------------------------ 2) Unique rule for every packet. This is an easy and quick method to produce load-balancing for both inbound and outbound. example: iptables -t nat -A POSTROUTING -o eth0 -m nth --counter 7 --every 3 --packet 0 -j SNAT --to-source 10.0.0.5 iptables -t nat -A POSTROUTING -o eth0 -m nth --counter 7 --every 3 --packet 1 -j SNAT --to-source 10.0.0.6 iptables -t nat -A POSTROUTING -o eth0 -m nth --counter 7 --every 3 --packet 2 -j SNAT --to-source 10.0.0.7 This example evenly splits connections between the three SNAT addresses. By using the mangle table and iproute2, you can setup complex load-balanced routing. ------------------------ Here's a site with good infos on the patches available. http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO.html Hope this helps. On Monday 03 February 2003 08:35, Sander Sneekes wrote: > currently i'm using this line > > iptable -t nat -A PREROUTING -d X.X.X.X -p tcp --dport http -j DNAT > --to-dest 192.168.0.100-192.168.0.111 > > this this the job but the if i use the same client it always uses 100 > for ex. > > but we need to do some preformance test with 3 client's so everytime a > client > does a reqeust to the http server i want to get it for a different > server. > > anybody ? > > thanks > Sander > > On Mon, 2003-02-03 at 14:49, Sander Sneekes wrote: > > Hi all, > > > > I need to load balance between 2 webserver > > what is the most fastest way of doing this? > > With iptables? if yes wich line's do i need to use > > i have a RH 7.2 with iptables running already doing > > al network traffic > > > > cheers > > Sander -- Daniel Fairchild - Chief Security Engineer | danielf@supportteam.net The distance between nothing and infinity is always the same no matter how close you get to nothing. From mboxrd@z Thu Jan 1 00:00:00 1970 From: Sander Sneekes Subject: Re: load balancing Date: 04 Feb 2003 16:35:11 +0100 Sender: netfilter-admin@lists.netfilter.org Message-ID: <1044372911.22297.69.camel@sander> References: <1044280193.16953.15.camel@sander> <1044282910.16954.25.camel@sander> <200302031030.53569.danielf@supportteam.net> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="=-IjSkaxgkrMrARZ8bz5Qs" Return-path: In-Reply-To: <200302031030.53569.danielf@supportteam.net> Errors-To: netfilter-admin@lists.netfilter.org List-Help: List-Post: List-Subscribe: , List-Id: List-Unsubscribe: , List-Archive: To: "Daniel F. Chief Security Engineer -" Cc: Netfilter Mailing List --=-IjSkaxgkrMrARZ8bz5Qs Content-Type: text/plain Content-Transfer-Encoding: 7bit yepz thank daniel got the stuff working also will the a deeper look to iproute thx sander On Mon, 2003-02-03 at 17:30, Daniel F. Chief Security Engineer - wrote: > Im going to be working on one of these later this year it's my understanding > that you would want to use the nth patch and the state table and SNAT to > accoplish this. > > From the nth patch. > ------------------------ > 2) Unique rule for every packet. This is an easy and quick > method to produce load-balancing for both inbound and outbound. > example: > iptables -t nat -A POSTROUTING -o eth0 -m nth --counter 7 > --every 3 --packet 0 -j SNAT --to-source 10.0.0.5 > iptables -t nat -A POSTROUTING -o eth0 -m nth --counter 7 > --every 3 --packet 1 -j SNAT --to-source 10.0.0.6 > iptables -t nat -A POSTROUTING -o eth0 -m nth --counter 7 > --every 3 --packet 2 -j SNAT --to-source 10.0.0.7 > This example evenly splits connections between the three SNAT > addresses. > > By using the mangle table and iproute2, you can setup complex > load-balanced routing. > ------------------------ > > Here's a site with good infos on the patches available. > http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO.html > > Hope this helps. > > On Monday 03 February 2003 08:35, Sander Sneekes wrote: > > currently i'm using this line > > > > iptable -t nat -A PREROUTING -d X.X.X.X -p tcp --dport http -j DNAT > > --to-dest 192.168.0.100-192.168.0.111 > > > > this this the job but the if i use the same client it always uses 100 > > for ex. > > > > but we need to do some preformance test with 3 client's so everytime a > > client > > does a reqeust to the http server i want to get it for a different > > server. > > > > anybody ? > > > > thanks > > Sander > > > > On Mon, 2003-02-03 at 14:49, Sander Sneekes wrote: > > > Hi all, > > > > > > I need to load balance between 2 webserver > > > what is the most fastest way of doing this? > > > With iptables? if yes wich line's do i need to use > > > i have a RH 7.2 with iptables running already doing > > > al network traffic > > > > > > cheers > > > Sander --=-IjSkaxgkrMrARZ8bz5Qs Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit yepz thank daniel got the stuff working

also will the a deeper look to iproute

thx sander

On Mon, 2003-02-03 at 17:30, Daniel F. Chief Security Engineer - wrote:

Im going to be working on one of these later this year it's my understanding 
that you would want to use the nth patch and the state table and SNAT to 
accoplish this. 

>From the nth patch.
------------------------
2) Unique rule for every packet.  This is an easy and quick
   method to produce load-balancing for both inbound and outbound.
   example:
   iptables -t nat -A POSTROUTING -o eth0 -m nth --counter 7              
--every 3 --packet 0 -j SNAT --to-source 10.0.0.5
   iptables -t nat -A POSTROUTING -o eth0 -m nth --counter 7              
--every 3 --packet 1 -j SNAT --to-source 10.0.0.6
   iptables -t nat -A POSTROUTING -o eth0 -m nth --counter 7              
--every 3 --packet 2 -j SNAT --to-source 10.0.0.7
   This example evenly splits connections between the three SNAT
   addresses.

   By using the mangle table and iproute2, you can setup complex
   load-balanced routing.
------------------------

Here's a site with good infos on the patches available.
http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO.html

Hope this helps. 

On Monday 03 February 2003 08:35, Sander Sneekes wrote:
> currently i'm using this line
>
> iptable -t nat -A PREROUTING -d X.X.X.X -p tcp --dport http -j DNAT
> --to-dest 192.168.0.100-192.168.0.111
>
> this this the job but the if i use the same client it always uses 100
> for ex.
>
> but we need to do some preformance test with 3 client's so everytime a
> client
> does a reqeust to the http server i want to get it for a different
> server.
>
> anybody ?
>
> thanks
> Sander
>
> On Mon, 2003-02-03 at 14:49, Sander Sneekes wrote:
> > Hi all,
> >
> > I need to load balance between 2 webserver
> > what is the most fastest way of doing this?
> > With iptables? if yes wich line's do i need to use
> > i have a RH 7.2 with iptables running already doing
> > al network traffic
> >
> > cheers
> > Sander

--=-IjSkaxgkrMrARZ8bz5Qs-- From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Allan de Borde" Subject: Load Balancing Date: Wed, 02 Apr 2003 12:16:48 +0100 Sender: netfilter-admin@lists.netfilter.org Message-ID: Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Return-path: Content-Disposition: inline Errors-To: netfilter-admin@lists.netfilter.org List-Help: List-Post: List-Subscribe: , List-Id: List-Unsubscribe: , List-Archive: Content-Type: text/plain; charset="us-ascii" To: netfilter@lists.netfilter.org I am trying to test the load balancing on a test machine with 2 external = 2Mb Internet links and it doesn't appear to be working. I am using RedHat = 8.0 and get this message when doing ip route list: default equalize nexthop via xxx.xxx.xxx.xxx dev eth1 weight 1 dead onlink = pervasive nexthop via xxx.xxx.xxx.xxx dev eth0 weight 1 onlink I have read a similar problem from this list and it appears that the = RedHat RPM of iproute2 (iproute-2.4.7-5) is broken and this was resolved = by installing a newer version of iproute. As I am very new to some aspects of Linux could someone inform me of how = to compile and install iproute as it asks for you to change the KERNEL_INCL= UDE directory in the Makefile and I have no idea where the Kernel include = directory is. I can't get it to make. I have downloaded and installed iproute-2.4.7-7.rpm but this also has the = same problems. Cheers Allan From mboxrd@z Thu Jan 1 00:00:00 1970 From: Carlos Ble Subject: Re: Load Balancing Date: Wed, 2 Apr 2003 16:24:16 +0100 Sender: netfilter-admin@lists.netfilter.org Message-ID: <200304021624.16742.carlosble@terra.es> Reply-To: carlosble@terra.es Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: Content-Disposition: inline Errors-To: netfilter-admin@lists.netfilter.org List-Help: List-Post: List-Subscribe: , List-Id: List-Unsubscribe: , List-Archive: Content-Type: text/plain; charset="us-ascii" To: netfilter@lists.netfilter.org >I am trying to test the load balancing on a test machine with 2 external 2Mb >Internet links and it doesn't appear to be working. I am using RedHat 8.0 >and get this message when doing ip route list: > >default equalize > nexthop via xxx.xxx.xxx.xxx dev eth1 weight 1 dead onlink pervasive > nexthop via xxx.xxx.xxx.xxx dev eth0 weight 1 onlink > >I have read a similar problem from this list and it appears that the RedHat >RPM of iproute2 (iproute-2.4.7-5) is broken and this was resolved by >installing a newer version of iproute. > >As I am very new to some aspects of Linux could someone inform me of how to >compile and install iproute as it asks for you to change the KERNEL_INCLUDE >directory in the Makefile and I have no idea where the Kernel include >directory is. I can't get it to make. >I have downloaded and installed iproute-2.4.7-7.rpm but this also has the >same problems. >Cheers >Allan When you install the kernel source, the kernel_include directory uses to be placed in /usr/src/linux-2.4.20/include or something like that. Are you sure you are typing the commands properly ?. Here you are an example: ip route add table balancing eql nexthop via dev eth2 nexthop via dev eth3 Good luck! From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Matthew G. Marsh" Subject: Re: Load Balancing Date: Wed, 2 Apr 2003 10:43:09 -0600 (CST) Sender: netfilter-admin@lists.netfilter.org Message-ID: References: Mime-Version: 1.0 Return-path: In-Reply-To: Errors-To: netfilter-admin@lists.netfilter.org List-Help: List-Post: List-Subscribe: , List-Id: List-Unsubscribe: , List-Archive: Content-Type: TEXT/PLAIN; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Allan de Borde Cc: netfilter@lists.netfilter.org On Wed, 2 Apr 2003, Allan de Borde wrote: > I am trying to test the load balancing on a test machine with 2 external > 2Mb Internet links and it doesn't appear to be working. I am using > RedHat 8.0 and get this message when doing ip route list: > > default equalize > nexthop via xxx.xxx.xxx.xxx dev eth1 weight 1 dead onlink pervasive > nexthop via xxx.xxx.xxx.xxx dev eth0 weight 1 onlink > > I have read a similar problem from this list and it appears that the > RedHat RPM of iproute2 (iproute-2.4.7-5) is broken and this was resolved > by installing a newer version of iproute. > > As I am very new to some aspects of Linux could someone inform me of how > to compile and install iproute as it asks for you to change the > KERNEL_INCLUDE directory in the Makefile and I have no idea where the > Kernel include directory is. I can't get it to make. KERNEL_INCLUDE=/usr/src/linux Even RH symlinks /usr/src/linux to the appropriate version of kernel installed. Make sure that you have installed the kernel development RPM as that has the actual include files. Not installed by default unless you installed the Developer workstation. > I have downloaded and installed iproute-2.4.7-7.rpm but this also has the same problems. > > Cheers > Allan > > > > > > -------------------------------------------------- Matthew G. Marsh, President Paktronix Systems LLC 1506 North 59th Street Omaha NE 68104 Phone: (402) 553-2288 Email: mgm@paktronix.com WWW: http://www.paktronix.com -------------------------------------------------- From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Allan de Borde" Subject: Re: Load Balancing Date: Thu, 03 Apr 2003 08:40:06 +0100 Sender: netfilter-admin@lists.netfilter.org Message-ID: Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Return-path: Content-Disposition: inline Errors-To: netfilter-admin@lists.netfilter.org List-Help: List-Post: List-Subscribe: , List-Id: List-Unsubscribe: , List-Archive: Content-Type: text/plain; charset="us-ascii" To: mgm@paktronix.com Cc: netfilter@lists.netfilter.org Thanks, I didn't have the Kernel Development installed so installed it and then I = could compile the latest iproute. With this version of iproute the ip route list command has lost the dead = onlink pervasive message and it all looks ok. I will have to test further but it's looking good. Cheers, Allan=20 >>> "Matthew G. Marsh" 04/02/03 05:43pm >>> On Wed, 2 Apr 2003, Allan de Borde wrote: > I am trying to test the load balancing on a test machine with 2 external > 2Mb Internet links and it doesn't appear to be working. I am using > RedHat 8.0 and get this message when doing ip route list: > > default equalize > nexthop via xxx.xxx.xxx.xxx dev eth1 weight 1 dead onlink = pervasive > nexthop via xxx.xxx.xxx.xxx dev eth0 weight 1 onlink > > I have read a similar problem from this list and it appears that the > RedHat RPM of iproute2 (iproute-2.4.7-5) is broken and this was resolved > by installing a newer version of iproute. > > As I am very new to some aspects of Linux could someone inform me of how > to compile and install iproute as it asks for you to change the > KERNEL_INCLUDE directory in the Makefile and I have no idea where the > Kernel include directory is. I can't get it to make. KERNEL_INCLUDE=3D/usr/src/linux Even RH symlinks /usr/src/linux to the appropriate version of kernel installed. Make sure that you have installed the kernel development RPM as that has the actual include files. Not installed by default unless you installed the Developer workstation. > I have downloaded and installed iproute-2.4.7-7.rpm but this also has = the same problems. > > Cheers > Allan > > > > > > -------------------------------------------------- Matthew G. Marsh, President Paktronix Systems LLC 1506 North 59th Street Omaha NE 68104 Phone: (402) 553-2288 Email: mgm@paktronix.com=20 WWW: http://www.paktronix.com=20 -------------------------------------------------- From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Allan de Borde" Subject: Load Balancing Date: Wed, 02 Apr 2003 11:59:22 +0100 Sender: netfilter-admin@lists.netfilter.org Message-ID: Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Return-path: Content-Disposition: inline Errors-To: netfilter-admin@lists.netfilter.org List-Help: List-Post: List-Subscribe: , List-Id: List-Unsubscribe: , List-Archive: Content-Type: text/plain; charset="us-ascii" To: netfilter@lists.netfilter.org I am trying to test the load balancing on a test machine with 2 external = 2Mb Internet links and it doesn't appear to be working. I am using RedHat = 8.0 and get this message when doing ip route list: default equalize nexthop via xxx.xxx.xxx.xxx dev eth1 weight 1 dead onlink = pervasive nexthop via xxx.xxx.xxx.xxx dev eth0 weight 1 onlink I have read a similar problem from this list and it appears that the = RedHat RPM of iproute2 (iproute-2.4.7-5) is broken and this was resolved = by installing a newer version of iproute. As I am very new to some aspects of Linux could someone inform me of how = to compile and install iproute as it asks for you to change the KERNEL_INCL= UDE directory in the Makefile and I have no idea where the Kernel include = directory is. I can't get it to make. I have downloaded and installed iproute-2.4.7-7.rpm but this also has the = same problems. Cheers Allan From mboxrd@z Thu Jan 1 00:00:00 1970 From: Javier Govea Subject: LOAD BALANCING Date: Sat, 12 Jul 2003 15:05:10 -0400 (EDT) Sender: netfilter-admin@lists.netfilter.org Message-ID: <200307121905.h6CJ5ALc022359@webmail1.magma.ca> Mime-Version: 1.0 Return-path: Errors-To: netfilter-admin@lists.netfilter.org List-Help: List-Post: List-Subscribe: , List-Id: List-Unsubscribe: , List-Archive: Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: netfilter@lists.netfilter.org Hi everybody, I'm trying load balance the traffic on four ppp interfaces using iproute-2.4.7-9 but i'm always getting a "dead pervasive" error message on my third interface (see below.) I'm running redhat 9 with kernel 2.4.20-8. I read some messages posted on this mailing list and they said the problem can be fixed by getting the iproute source code, compiling it, and installing it. But i already did that and i'm still getting the same problem. Any suggestions or ideas???? Here is what i'm typing: ip route add default equalize \ nexthop via nexthop xxx.xxx.xxx.xxx dev ppp0 weigth 1 \ nexthop via nexthop xxx.xxx.xxx.xxx dev ppp1 weight 1 \ nexthop via nexthop xxx.xxx.xxx.xxx dev ppp2 weight 1 \ nexthop via nexthop xxx.xxx.xxx.xxx dev ppp3 weight 1 Here is what i'm getting: default equalize nexthop via xxx.xxx.xxx.xxx dev ppp0 weight 1 nexthop via xxx.xxx.xxx.xxx dev ppp1 weight 1 nexthop via xxx.xxx.xxx.xxx dev ppp2 weight 1 dead pervasive nexthop via xxx.xxx.xxx.xxx dev ppp3 weight 1 Thanx to all X From mboxrd@z Thu Jan 1 00:00:00 1970 From: "szpak" Subject: Load balancing. Date: Sun, 3 Apr 2005 21:17:17 +0200 Message-ID: <004e01c53881$c1adb2d0$88161753@szpaq> Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Return-path: List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: netfilter-bounces@lists.netfilter.org Errors-To: netfilter-bounces@lists.netfilter.org Content-Type: text/plain; charset="us-ascii" To: netfilter@lists.netfilter.org Hello. I need help with I think something very easy to do with Iptables. I need to have load balancing via nat for two or more ISP as in chart: ------ ISP1 | 128.0.0.0/30 =20 ---->[Linux NAT]-------- ISP2 192.168.0.0/24 | 80.0.0.0/30 ------ ISP3 85.0.0.0/30 I have some users on my side and I want them to simply load balance = trafic from them via those three ISP's. How to do that, is there a way to have = three default static routes? Thank You for any help it will be very usefull. Xperience From mboxrd@z Thu Jan 1 00:00:00 1970 From: Pablo Neira Subject: Re: Load balancing. Date: Sun, 03 Apr 2005 22:49:49 +0200 Message-ID: <425056ED.3010104@eurodev.net> References: <004e01c53881$c1adb2d0$88161753@szpaq> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <004e01c53881$c1adb2d0$88161753@szpaq> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: netfilter-bounces@lists.netfilter.org Errors-To: netfilter-bounces@lists.netfilter.org Content-Type: text/plain; charset="us-ascii"; format="flowed" To: szpak Cc: netfilter@lists.netfilter.org szpak wrote: > Hello. > > I need help with I think something very easy to do with Iptables. > > I need to have load balancing via nat for two or more ISP as in chart: > > ------ ISP1 > | 128.0.0.0/30 > ---->[Linux NAT]-------- ISP2 > 192.168.0.0/24 | 80.0.0.0/30 > ------ ISP3 > 85.0.0.0/30 > > I have some users on my side and I want them to simply load balance trafic > from them via those three ISP's. How to do that, is there a way to have three default static routes? This is not related to iptables itself. Have a look at iproute. http://lartc.org/howto/ -- Pablo From mboxrd@z Thu Jan 1 00:00:00 1970 From: Grant Taylor Subject: Re: Load balancing. Date: Sun, 03 Apr 2005 22:23:25 -0500 Message-ID: <4250B32D.6040703@riverviewtech.net> References: <004e01c53881$c1adb2d0$88161753@szpaq> Reply-To: gtaylor@riverviewtech.net Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <004e01c53881$c1adb2d0$88161753@szpaq> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: netfilter-bounces@lists.netfilter.org Errors-To: netfilter-bounces@lists.netfilter.org Content-Type: text/plain; charset="us-ascii"; format="flowed" To: szpak Cc: netfilter@lists.netfilter.org You are wanting something like Equal Cost Multi Path routing and it's corresponding "ip route" commands. Grant. . . . szpak wrote: > Hello. > > I need help with I think something very easy to do with Iptables. > > I need to have load balancing via nat for two or more ISP as in chart: > > ------ ISP1 > | 128.0.0.0/30 > ---->[Linux NAT]-------- ISP2 > 192.168.0.0/24 | 80.0.0.0/30 > ------ ISP3 > 85.0.0.0/30 > > I have some users on my side and I want them to simply load balance trafic > from them via those three ISP's. How to do that, is there a way to have three default static routes? > > Thank You for any help it will be very usefull. > > Xperience > > > From mboxrd@z Thu Jan 1 00:00:00 1970 From: Visham Ramsurrun Subject: Load balancing Date: Mon, 4 Apr 2005 13:46:20 +0400 Message-ID: <9927912d05040402467fd411c7@mail.gmail.com> Reply-To: Visham Ramsurrun Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: netfilter-bounces@lists.netfilter.org Errors-To: netfilter-bounces@lists.netfilter.org Content-Type: text/plain; charset="us-ascii" To: netfilter@lists.netfilter.org Hi to all, I have this rule: iptables -t nat -A PREROUTING -i eth0 -o eth1 -d 192.0.34.72 -j dnat --to-destination 192.168.1.3-192.168.1.4 It is supposed to be load balancing by taking the traffic from the host (192.168.1.2)on which this rule is used and balancing between the PCs with the ip addrs specified by the ip addr range 192.168.1.3-192.168.1.4. What I would like to know what will happen if I apply this rule on the PCs doing the load balancing (192.168.1.3-192.168.1.4). The two PCs are connected back to back with a cross-over cable. The interfaces used for this connection are both eth1. __________ ----> -------- PC2 (192.168.1.3)------->| | 192.168.1.2/24 | | ROUTER | -------- PC1 (192.168.1.4)------->|__________| If I apply the above rule on PC (192.168.1.3 instead of MY NET, will it still load balance the traffic on the two PCs. Regards, Visham