On Fri, 2008-06-06 at 04:08 -0700, Vincent Arniego wrote: > Hi Thomas, > > That's actually a good suggestion, Unfortunately we can't force teach our subscribers to use a proxy in their setup. > > They use a certain equipment that uses 3G and configuring it would be like rocket science to them. So you're not load balancing requests to one website then... obviously I didn't read your post thoroughly enough ;-) A transparent proxy solution could still work (but not with pound). > iptables -A FORWARD -p tcp --dport 80 -j NFQUEUE --queue-num 0:5 > > something like that. This doesn't work btw. You could you statistic+connmark to do that, so that all packets belonging to one connection are copied to the same queue: iptables -N PORT80 iptables -N PORT80_NEW iptables -A FORWARD -p tcp --dport 80 -j PORT80 iptables -A PORT80 -m connmark --mark 0 -j PORT80_NEW iptables -A PORT80_NEW -m statistic --mode nth --every 5 --packet 0 -m connmark --mark 0 -j CONNMARK --set-mark 1 iptables -A PORT80_NEW -m statistic --mode nth --every 5 --packet 1 -m connmark --mark 0 -j CONNMARK --set-mark 2 iptables -A PORT80_NEW -m statistic --mode nth --every 5 --packet 2 -m connmark --mark 0 -j CONNMARK --set-mark 3 iptables -A PORT80_NEW -m statistic --mode nth --every 5 --packet 3 -m connmark --mark 0 -j CONNMARK --set-mark 4 iptables -A PORT80_NEW -m statistic --mode nth --every 5 --packet 4 -m connmark --mark 0 -j CONNMARK --set-mark 5 iptables -A PORT80 -m connmark --mark 1 -j NFQUEUE --queue-num 1 iptables -A PORT80 -m connmark --mark 2 -j NFQUEUE --queue-num 2 iptables -A PORT80 -m connmark --mark 3 -j NFQUEUE --queue-num 3 iptables -A PORT80 -m connmark --mark 4 -j NFQUEUE --queue-num 4 iptables -A PORT80 -m connmark --mark 5 -j NFQUEUE --queue-num 5 -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
