On Wednesday 19 February 2003 06:17 pm, Ian Douglas wrote:
> > Say for argument's sake that our public IP is 1.2.3.4 and our
> > internal LAN machines are:
> > 192.168.1.1
> > 192.168.1.12
> > (cut two of them out since they're not actually ready to run yet)
>
> > Just curious if the following rules would work to round-robin the
> > connections:
> >
> > /sbin/iptables -t nat -A PREROUTING -p udp -d 1.2.3.4 --dport 80 -j DNAT \
> >   --to-destination 192.168.1.1:80 \
> >   --to-destination 192.168.1.12:80

AFAIK, you can only DNAT to a contiguous range of IPs from a single rule, and the rule construction you have here will ignore 'excess' destinations. If you have (or can arrange) your internal machines to have sequential IPs, then try something like this (which is "by-the-book"):

  /sbin/iptables -t nat -A PREROUTING -p TCP -d 1.2.3.4 --dport 80 \
    -j DNAT --to 192.168.1.1-192.168.1.5

The port number is only needed after the new IP if you are redirecting to a different port than the original destination, and "--to" is an acceptable substitute for both "--to-source" and "--to-destination".

j
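An added example, not part of the original message: a range in a DNAT rule covers every address between its endpoints, so before collapsing a backend list into one range it is worth checking which unintended hosts (for instance machines that are "not actually ready to run yet") would start receiving forwarded traffic. The function names below are hypothetical; the addresses and iptables options are the ones used in the thread.

```python
import ipaddress


def dnat_range_plan(backends):
    """Return (range_spec, unintended) for a list of IPv4 backend strings.

    range_spec is the smallest single range covering all backends;
    unintended lists addresses inside that range that were NOT requested
    and would therefore also receive DNATed connections.
    """
    wanted = sorted({ipaddress.IPv4Address(b) for b in backends})
    if not wanted:
        raise ValueError("no backends given")
    lo, hi = wanted[0], wanted[-1]
    wanted_set = set(wanted)
    unintended = [
        str(ipaddress.IPv4Address(n))
        for n in range(int(lo), int(hi) + 1)
        if ipaddress.IPv4Address(n) not in wanted_set
    ]
    spec = str(lo) if lo == hi else f"{lo}-{hi}"
    return spec, unintended


def dnat_rule(public_ip, port, backends, proto="tcp"):
    """Build the single-range PREROUTING rule, refusing ranges with gaps."""
    ipaddress.IPv4Address(public_ip)  # validate; raises ValueError if malformed
    if not 1 <= int(port) <= 65535:
        raise ValueError(f"invalid port: {port}")
    spec, unintended = dnat_range_plan(backends)
    if unintended:
        raise ValueError(
            f"range {spec} would also forward to: {', '.join(unintended)}"
        )
    return (
        f"/sbin/iptables -t nat -A PREROUTING -p {proto} -d {public_ip} "
        f"--dport {port} -j DNAT --to-destination {spec}"
    )


if __name__ == "__main__":
    # Constructed inputs taken from the addresses in the thread.
    print(dnat_rule("1.2.3.4", 80, [f"192.168.1.{i}" for i in range(1, 6)]))
    try:
        dnat_rule("1.2.3.4", 80, ["192.168.1.1", "192.168.1.12"])
    except ValueError as exc:
        print("refused:", exc)
```
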