Re: load-balancing with netfilter: round robin or what??


 



Olá Pedro.  (g - I read ahead ;^)

On Mon, 2003-10-06 at 05:59, Pedro Salazar wrote:
> Greetings,
> 
> I pretend to load-balancing to two servers but apparently I think only
> one machine is getting the requests.
> 
> These are the rules I run in iptables:

> /sbin/iptables -v -t nat -A PREROUTING --dst 192.168.89.44 -p tcp \
>  --dport 9000 -j DNAT --to-destination 192.168.89.158:80 \
>  --to-destination 192.168.89.159:80

> /sbin/iptables -v -t nat -A OUTPUT -p tcp -m tcp --dport 9000 \
> --dst 192.168.89.44 -j DNAT --to-destination 192.168.89.158:80 \
>  --to-destination 192.168.89.159:80
> 
> As you can see, I have two destination hosts, 192.168.89.158/31. The
> 192.168.89.44 is the gateway itself that is redirecting requests on port
> 9000 to the two http servers. All of them are in the same network.

But the rule performing the balancing is in OUTPUT table, and so only
affects connections from the NAT box itself...  Also, I think your
double --to construction is invalid, iptables accepts it but it appears
never to look past the first IP.

Try this rule:

/sbin/iptables -t nat -A PREROUTING -d 192.168.89.44 -p tcp --dport  \
9000 -j DNAT --to 192.168.89.158-192.168.89.159:80

It will distribute new connections 'randomly' across the DNAT ip space,
in this case two IPs.  This isn't 'real' load-balancing, but it's a
quick and easy substitute that is sufficient for many purposes.

j
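
One way to check whether new connections really land on both backends after applying a range DNAT rule like the one above. This is an added example, not part of the original message: it counts connections per backend from connection-tracking entries, assuming the usual conntrack text format (as printed by `conntrack -L` or `/proc/net/nf_conntrack`). The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-backend connection counts for a DNAT'd virtual IP.
# Usage: count_backends VIP PORT < conntrack_lines

count_backends() {
    awk -v vip="$1" -v port="$2" '
    {
        n = 0
        # Each entry carries two tuples: original direction, then reply.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/)   { n++; src[n] = substr($i, 5) }
            if ($i ~ /^dst=/)   { dst[n] = substr($i, 5) }
            if ($i ~ /^dport=/) { dport[n] = substr($i, 7) }
        }
        # The original tuple must target the virtual IP and port; the
        # source of the reply tuple is the backend that DNAT selected.
        if (n == 2 && dst[1] == vip && dport[1] == port) count[src[2]]++
    }
    END { for (b in count) print b, count[b] }' | sort
}

# Constructed sample entries (client addresses are made up).
sample_conntrack() {
    cat <<'EOF'
tcp 6 431990 ESTABLISHED src=192.168.89.10 dst=192.168.89.44 sport=40001 dport=9000 src=192.168.89.158 dst=192.168.89.10 sport=80 dport=40001 [ASSURED] use=1
tcp 6 431991 ESTABLISHED src=192.168.89.11 dst=192.168.89.44 sport=40002 dport=9000 src=192.168.89.159 dst=192.168.89.11 sport=80 dport=40002 [ASSURED] use=1
tcp 6 431992 ESTABLISHED src=192.168.89.12 dst=192.168.89.44 sport=40003 dport=9000 src=192.168.89.158 dst=192.168.89.12 sport=80 dport=40003 [ASSURED] use=1
tcp 6 431993 ESTABLISHED src=192.168.89.12 dst=192.168.89.44 sport=40004 dport=22 src=192.168.89.44 dst=192.168.89.12 sport=22 dport=40004 [ASSURED] use=1
EOF
}

# Entries for other ports (the last sample line) are ignored.
sample_conntrack | count_backends 192.168.89.44 9000
```

If every counted connection shows the same backend, the rule is not distributing across the range.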



