On 07/10/08 00:13, Josh Cepek wrote:
> Here's a workaround that might do what you seek. Optionally, you might
> consider a DNS-RR instead if it makes sense for your needs.

DNS-based load balancing is OK, but it is better in theory. I think
something like LVS will do a much better job.

> With the statistic match you can create a round-robin that targets each
> rule in turn. To do what you seek above you could use this series of
> rules, with your own additional matches added as required:
>
> iptables -A PREROUTING -t nat -m statistic --mode nth --every 2 -j DNAT --to-destination 10.0.0.101-10.0.0.102
> iptables -A PREROUTING -t nat -j DNAT --to-destination 10.0.0.104-10.0.0.105

I suppose this would work for a fairly static set of destination
servers. Seeing as how you would have to rewrite the rules if a back-end
server was added or removed, this would be a major PITA if the
servers were dynamic in nature.

> This is conceptually the same as (but simpler than) the following series
> of rules:
>
> iptables -A PREROUTING -t nat -m statistic --mode nth --every 4 -j DNAT --to-destination 10.0.0.101
> iptables -A PREROUTING -t nat -m statistic --mode nth --every 3 -j DNAT --to-destination 10.0.0.102
> iptables -A PREROUTING -t nat -m statistic --mode nth --every 2 -j DNAT --to-destination 10.0.0.104
> iptables -A PREROUTING -t nat -j DNAT --to-destination 10.0.0.105
>
> Of course, you can continue to add more rules as required.

Ugh. That does not scale very well at all. If you want to remove 102
from above, you would have to rewrite all the rules above it.
Grant. . . .
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
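The statistic/nth "ladder" from Josh's second rule set, as an added example that is not part of the thread: a small POSIX sh script that generates the rules for an arbitrary back-end list (which also answers Grant's scaling objection, since removing a server means regenerating one dedicated chain rather than hand-editing every --every value) and simulates the per-rule counters to show that each back end really does get 1/N of new connections. The chain name LB_HTTP, the address 192.0.2.10 and port 80 are illustrative assumptions; the script only prints iptables commands and never touches the live ruleset.

```shell
#!/bin/sh
# Added example, not code from the thread above: generate the statistic/nth
# "ladder" Josh describes for any list of back ends, and simulate how the
# counters distribute new connections. Everything is printed, nothing is
# applied to the live ruleset. CHAIN, VIP and PORT are assumptions.

CHAIN=LB_HTTP      # assumed dedicated nat chain holding the ladder
VIP=192.0.2.10     # assumed public address clients connect to (TEST-NET-2)
PORT=80            # assumed service port

# Print the ladder for back ends $1..$N. Rule i of N gets --every (N-i+1):
# 1/N of new connections match rule 1, 1/(N-1) of what is left match rule 2,
# and so on down to a catch-all for the last back end, so each gets 1/N.
gen_ladder() {
    n=$#
    i=1
    for be in "$@"; do
        every=$((n - i + 1))
        if [ "$every" -gt 1 ]; then
            printf 'iptables -t nat -A %s -m statistic --mode nth --every %d --packet 0 -j DNAT --to-destination %s:%s\n' \
                "$CHAIN" "$every" "$be" "$PORT"
        else
            printf 'iptables -t nat -A %s -j DNAT --to-destination %s:%s\n' "$CHAIN" "$be" "$PORT"
        fi
        i=$((i + 1))
    done
}

# Print a full reload: (re)create and flush the dedicated chain, emit the
# ladder, and make sure PREROUTING jumps to it exactly once (the -C check
# needs iptables 1.4.11 or newer). Adding or removing a back end is then
# "rerun this with the new list", not hand editing every --every value.
gen_reload() {
    printf 'iptables -t nat -N %s 2>/dev/null || true\n' "$CHAIN"
    printf 'iptables -t nat -F %s\n' "$CHAIN"
    gen_ladder "$@"
    printf 'iptables -t nat -C PREROUTING -d %s -p tcp --dport %s -j %s 2>/dev/null || iptables -t nat -A PREROUTING -d %s -p tcp --dport %s -j %s\n' \
        "$VIP" "$PORT" "$CHAIN" "$VIP" "$PORT" "$CHAIN"
}

# Simulate the ladder over $1 new connections for back ends $2..$N.
# Mirrors xt_statistic's nth mode: each rule has its own counter, bumped
# by every packet that reaches that rule, and matches when it wraps to 0.
# The nat table only sees the first packet of a connection, so the unit
# being balanced is connections, not packets. Prints "backend hits" lines.
simulate_ladder() {
    conns=$1; shift
    n=$#
    i=1
    for be in "$@"; do eval "hits_$i=0 ctr_$i=0"; i=$((i + 1)); done
    k=0
    while [ "$k" -lt "$conns" ]; do
        i=1
        for be in "$@"; do
            every=$((n - i + 1))
            if [ "$every" -eq 1 ]; then          # catch-all rule
                eval "hits_$i=\$((hits_$i + 1))"
                break
            fi
            eval "ctr_$i=\$(( (ctr_$i + 1) % every ))"
            eval "c=\$ctr_$i"
            if [ "$c" -eq 0 ]; then              # counter wrapped: rule matches
                eval "hits_$i=\$((hits_$i + 1))"
                break
            fi
            i=$((i + 1))
        done
        k=$((k + 1))
    done
    i=1
    for be in "$@"; do
        eval "printf '%s %s\n' '$be' \"\$hits_$i\""
        i=$((i + 1))
    done
}

# Stand-alone run: use the thread's four back ends unless others are given.
if [ $# -eq 0 ]; then set -- 10.0.0.101 10.0.0.102 10.0.0.104 10.0.0.105; fi
gen_reload "$@"
echo "# simulated distribution of 1000 new connections:"
simulate_ladder 1000 "$@"
```

Two points worth keeping in mind when reading the output: the per-rule counters are independent, so rule 2's counter only advances on connections rule 1 did not take, which is exactly why the 4/3/2/catch-all progression comes out uniform; and because the nat table is consulted only for the first packet of each connection, a single long-lived connection counts as one hit no matter how much traffic it carries, so this is connection-count balancing, not load balancing in the LVS sense Grant prefers.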