Re: redirect to 127.0.0.1 [corrected]

On Tue, May 17, 2005 at 03:06:46PM -0500, Taylor, Grant wrote:
> In light of Jason's response about dealing with the kernel's martian code I 
> think a rule like this needs to be added to the solution:
> 
> iptables -t mangle -A PREROUTING -d $SERVER -p tcp --dport 11000 -j ROUTE --iif lo --continue
> iptables -t nat -A PREROUTING -d $SERVER -p tcp --dport 11000 -m state --state NEW -m nth --every 4 --packet 0 -j DNAT --to-destination 127.0.0.1:11000
> iptables -t nat -A PREROUTING -d $SERVER -p tcp --dport 11000 -m state --state NEW -m nth --every 4 --packet 1 -j DNAT --to-destination 127.0.0.1:11001
> iptables -t nat -A PREROUTING -d $SERVER -p tcp --dport 11000 -m state --state NEW -m nth --every 4 --packet 2 -j DNAT --to-destination 127.0.0.1:11002
> iptables -t nat -A PREROUTING -d $SERVER -p tcp --dport 11000 -m state --state NEW -m nth --every 4 --packet 3 -j DNAT --to-destination 127.0.0.1:11003

just 'cause i'm feelin' picky today...  "--state NEW" in -t nat is
redundant, as only "--state NEW" packets ever traverse -t nat.

-j

--
"Stewie: Ha ha. Oh, this is so good it just HAS to be fattening."
        --Family Guy

