hello i have a situation where i want to round-robin new http connections to different ports, but i'm finding that the following is resulting in a significant amount "falling through" to my catch-all on port 9000, rather than being evenly distributed across 8080-8084. iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -P INPUT ACCEPT iptables -t nat -A PREROUTING -p tcp --dport 80 -m statistic --mode nth --every 5 --packet 0 -j REDIRECT --to-port 8080 iptables -t nat -A PREROUTING -p tcp --dport 80 -m statistic --mode nth --every 5 --packet 1 -j REDIRECT --to-port 8081 iptables -t nat -A PREROUTING -p tcp --dport 80 -m statistic --mode nth --every 5 --packet 2 -j REDIRECT --to-port 8082 iptables -t nat -A PREROUTING -p tcp --dport 80 -m statistic --mode nth --every 5 --packet 3 -j REDIRECT --to-port 8083 iptables -t nat -A PREROUTING -p tcp --dport 80 -m statistic --mode nth --every 5 --packet 4 -j REDIRECT --to-port 8084 iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 9000 it's about 80-20, where 80% are evenly distributed amongst 8080-8084 and 20% are winding up on 9000. i'd prefer 100% evenly distributed on 8080-8084 and none on 9000. i put 9000 there as a catch-all "hack" because i found connections were failing to be caught by the 8080-8084 range. any help would be really appreciated, thank you in advance! tristen -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
