Thanks, SNAT is what I was looking for!

On Tue, Nov 9, 2010 at 4:41 PM, Pascal Hambourg <pascal.mail@xxxxxxxxxxxxxxx> wrote:
> Tommaso Calosi wrote:
>> That's why I wrote "virtual interfaces".
>
> eth0:* are not virtual interfaces, not interfaces at all. They are just
> IPv4 aliases. Virtual interfaces are a different thing: they are "real"
> interfaces (from the network stack point of view) which are just not
> related to real hardware.
>
>> If it's not possible, then
>> it'd have the same effect to masquerade outgoing connection with a nat
>> pool made by 192.168.1.10, 192.168.1.20 and 192.168.1.30 but since
>> they're originating from the firewall itself, again I don't know how.
>
> You can use SNAT. It does not matter that the traffic originates from
> the box. However your addresses are not contiguous and the support for
> multiple --to-source options was removed long ago, so you'll have to do
> the balance by other means, for example with the statistic match.
>
> Note that it won't balance the source address on a packet basis but on a
> connection basis. So if you have one very active connection and one
> mostly inactive connection, most of the packets will have the same
> source address.
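The SNAT plus statistic match approach suggested in the quoted reply, sketched as an added example that is not part of the original thread. The function name `gen_snat_rules` is hypothetical and the outbound interface `eth0` is an assumption; the script only prints the `iptables` commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: emit iptables SNAT rules that spread new connections
# evenly over a list of non-contiguous source addresses.
# The nat table only sees the first packet of each connection, so the
# balancing is per connection, not per packet.

# gen_snat_rules IFACE ADDR...   (hypothetical helper name)
gen_snat_rules() {
    iface=$1
    [ "$#" -ge 2 ] || { echo "usage: gen_snat_rules IFACE ADDR..." >&2; return 1; }
    shift
    remaining=$#
    for addr in "$@"; do
        if [ "$remaining" -gt 1 ]; then
            # Rules are evaluated in order and each rule only sees the
            # connections that earlier rules did not match. To give every
            # address 1/N overall, each rule must take 1 out of the
            # connections still remaining: 1/3, then 1/2, and so on.
            printf 'iptables -t nat -A POSTROUTING -o %s -m statistic --mode nth --every %d --packet 0 -j SNAT --to-source %s\n' \
                "$iface" "$remaining" "$addr"
        else
            # The last address takes everything that is left.
            printf 'iptables -t nat -A POSTROUTING -o %s -j SNAT --to-source %s\n' \
                "$iface" "$addr"
        fi
        remaining=$((remaining - 1))
    done
}

# Sample run with the three addresses from the thread; eth0 is assumed.
gen_snat_rules eth0 192.168.1.10 192.168.1.20 192.168.1.30
```

Using `--every 3` on all three rules would skew the distribution, because the second and third rules never see the connections already claimed by the rules before them.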