Thanks for your response Jan,

I was just reading your PDF of Netfilter_modules :)

Yeah, I do understand that it's not a replacement, but I was wondering if it's possible in some way, like using any existing extension/modules to iptables or something. Something in iptables that can track that the request which was forwarded via X rule did not return any response and timeout to another rule, or some other strategy you may think of.

Regarding browser resolving to another IP, for this let's assume that users on my network are accessing www.example.com via IP address, i.e. 10.10.10.20 (internal one), and not via domain name. They are accessing it from code and not browser, where they need to specify IP and not domain name etc.

Regards,
Mark

On Tue, Aug 9, 2011 at 3:46 AM, Jan Engelhardt <jengelh@xxxxxxxxxx> wrote:
>
> On Tuesday 2011-08-09 00:36, Mark Ruth wrote:
>>[DNAT]
>>
>>The problem is that the target webserver (i.e. www.example.com) is
>>loadbalanced between like 10 servers having 10 public IPs (which are
>>NOT in series), [...]
>>my users can not connect to www.example.com any
>>more until I debug this and change the destination IP address in my
>>iptables rules.
>>[...]
>>I read that multiple --to-destinations were supported in previous
>>versions of iptables but not anymore. Hence to summarize, I want to
>>achieve some sort of failover with loadbalancing in the above-mentioned
>>scenario. Failover is more important.
>
> NAT is not a substitute for a proper layer-7 proxy and/or loadbalancer.
>
>
>>Now I want to handle this situation with some sort of failover rule
>>that can forward users to next IP in list if 1st DOES NOT RESPOND for
>>some reason.
>
> Even without NAT, a user can't do anything if his browser resolved
> a hostname to an address out of a round-robin pool and that
> one server happens to be down.
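The failover asked for in this thread, as an added example that is not part of the original messages: a userspace TCP relay that tries each backend in order for every new connection and uses the first one that accepts, which is the per-connection decision a static DNAT rule cannot make. All function names are assumptions of this example, and it relays raw TCP only, with no layer-7 health checking.

```python
# Added example: function names and any addresses passed in are assumptions.
import contextlib
import socket
import threading

def connect_first_alive(backends, timeout=2.0):
    """Return (socket, backend) for the first backend that completes a TCP handshake."""
    for backend in backends:
        try:
            return socket.create_connection(backend, timeout=timeout), backend
        except OSError:
            continue  # refused, unreachable or timed out: try the next address
    raise ConnectionError("no backend reachable")

def _pipe(src, dst):
    """Copy bytes one way until EOF, then pass the EOF on to the other side."""
    with contextlib.suppress(OSError):
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def handle_client(client, backends, timeout=2.0):
    """Relay one client connection to the first reachable backend."""
    try:
        upstream, _ = connect_first_alive(backends, timeout)
    except ConnectionError:
        client.close()  # every backend failed: drop the client
        return
    upstream.settimeout(None)  # the connect timeout must not apply to the relay
    t = threading.Thread(target=_pipe, args=(client, upstream), daemon=True)
    t.start()
    _pipe(upstream, client)
    t.join()
    upstream.close()
    client.close()

def serve(listen_addr, backends, timeout=2.0):
    """Listen on listen_addr, relay each connection, return the listening socket."""
    srv = socket.create_server(listen_addr)
    def loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:
                return  # listening socket was closed
            threading.Thread(target=handle_client, args=(client, backends, timeout),
                             daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv
```

Failover here happens only at connect time; a backend that accepts the connection and then stalls is not detected.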