Tommaso Calosi a écrit : > That's why i wrote "virtual interfaces". eth0:* are not virtual interfaces, not interfaces at all. They are just IPv4 aliases. Virtual interfaces are a different thing : they are "real" interfaces (from the network stack point of view) which are just not related to real hardware. > If t's not possibile, then > it'd have the same effect to masquerade outgoing connection with a nat > pool made by 192.168.1.10, 192.168.1.20 and 192.168.1.30 but since > they're originating from the firewall itself, again I don't know how. You can use SNAT. It does not matter that the traffic originates from the box. However your addresses are not contiguous and the support for multiple --to-source options was removed long ago, so you'll have to do the balance by other means, for example with the statistic match. Note that it won't balance the source address on a packet basis but on a connection basis. So if you have one very active connection and one mostly inactive connection, most of the packets will have the same source address. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
