Arrived a question after seeing this email... What are the advantages of using this tipe of balance against DNS RoundRobin? ----- Original Message ----- From: "Pawe³ Staszewski" <pstaszewski@xxxxxxxxx> To: "John A. Sullivan III" <john.sullivan@xxxxxxxxxxxxx>; <netfilter@xxxxxxxxxxxxxxxxxxx> Sent: Tuesday, March 16, 2004 4:13 PM Subject: Re: Rounf-Robin NAT > On Tue, 2004-03-16 at 06:57, John A. Sullivan III wrote: > > On Tue, 2004-03-16 at 06:15, AFShin wrote: > > > Dear Friends, > > > Can iptables do the real Round-Robin SNAT --to ? > > > Is there any patch or it is available ? > > > Thank you all in advance, > > > AFShin A. > > I do not know the actual code but somewhere in the back of my mind I > > recall something about iptables using a rudimentary load balancing > > algorithm, i.e., rather than strict round robin, it distributes the next > > NAT to the least used address. Can anyone confirm that? - John > > Hello > Try this... > iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -m nth --counter 4 --every > 4 --packet 0 -j SNAT --to xxx.xxx.xxx.xx1 > iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -m nth --counter 4 --every > 4 --packet 1 -j SNAT --to xxx.xxx.xxx.xx2 > iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -m nth --counter 4 --every > 4 --packet 2 -j SNAT --to xxx.xxx.xxx.xx3 > iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -m nth --counter 4 --every > 4 --packet 3 -j SNAT --to xxx.xxx.xxx.xx4 > > that is good round-robin nat, but some services may not work (like https > or other where is "smart" firewall (anti spoof)) > > > >
