On 02/01/2012 13:17, Anton Melser wrote:
>> you can probably also do this by adding
>> the public IPs to your mailserver?
> Definitely, makes load shifting very complicated though...

OK, so if you want an external "load balancer" then your problem reduces
to *indicating* the desired mapped source address.
If the NAT is on an external box then you can't use fwmarks. You can
use either source port or dest port. You could also add all IPs to all
servers, but that seems rather tricky to make work in practice. I think
your best bet might be a hack, to use dest port as the indicator for
"source IP". Set your DNAT to map some range of dest ports to change
the source to the IP and the dest port to 25. This will allow all
machines to send and masquerade as any source IP...
I haven't quite thought this through, but I think it will work?
Good luck
Ed W
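
The dest-port-as-indicator idea from the message above, sketched as an added example (not part of the original post and not tested by its author). The port numbers, the 203.0.113.x addresses, the LAN range and the interface name are all assumptions; each mail server would connect to the remote MX on the indicator port instead of 25.

```shell
#!/bin/sh
# Constructed mapping: indicator dest port -> public source IP (TEST-NET-3).
MAP="2501=203.0.113.11 2502=203.0.113.12 2503=203.0.113.13"
LAN="10.0.0.0/24"   # assumed internal network holding the mail servers
WAN_IF="eth0"       # assumed outward-facing interface of the NAT box

# Print the iptables commands for the NAT box; nothing is executed here.
emit_rules() {
    for pair in $MAP; do
        port=${pair%%=*}
        ip=${pair#*=}
        # Rewrite only the destination port; the remote MX address is kept.
        # Limiting the match to $LAN keeps other hosts from using the ports.
        echo "iptables -t nat -A PREROUTING -s $LAN -p tcp --dport $port -j DNAT --to-destination :25"
        # By POSTROUTING the dest port is already 25, so select on the
        # original dest port that conntrack recorded for the connection.
        echo "iptables -t nat -A POSTROUTING -s $LAN -o $WAN_IF -p tcp -m conntrack --ctorigdstport $port -j SNAT --to-source $ip"
    done
}

emit_rules
```

Review the printed rules before loading them, and check the result with `conntrack -L` while a test message is sent.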