On Mon, Oct 30, 2023 at 12:57:52PM +0100, Volodymyr Litovka wrote:
[...]
> the basic idea of this construction is to use later load balancing
> (https://wiki.nftables.org/wiki-nftables/index.php/Load_balancing) between
> multiple destinations
> [...]
>
> so on the first step (netdev) I'm setting dst mac to local (so packet will
> not be dropped as "alien", because I receive on this box mirrored (SPAN)
> traffic, where dst mac is not this box) and then load-balance it between
> multiple destinations using NAT/LB. As far as I understand, 'fwd' is for
> forwarding to a single destination.

You do not need to pass up packets to the IP stack for this purpose and
use stateful NAT; it makes things complicated.

You can combine the fwd statement with the numgen expression:

  ... fwd ip to numgen inc mod 2 map { \
        0 : 192.168.10.100, \
        1 : 192.168.10.110 } device "enp0s25"

this performs round-robin packet distribution over the two destination IP
addresses.

So the example in the wiki above also works fine for the fwd statement.

If you would like to perform flow-based load balancing, you need to
create a dynamic set and store what destination IP address is used for a
given IP source for persistency.
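A complete netdev ruleset putting the reply's advice together, written here as an added example; it is not a ruleset from either poster or from the nftables project. It assumes placeholder SPAN interfaces "eth0" and "eth1", and that the two collectors 192.168.10.100 and 192.168.10.110 from the message are reachable through "enp0s25". The "eth0" chain shows the round-robin numgen form from the reply plus a stateless flow-consistent variant using jhash (the hash scheme from the wiki page the thread cites, with fwd in place of dnat); the "eth1" chain shows the dynamic-map persistence the reply suggests, and its packet-path map update syntax is an assumption to check against nft(8) on the installed version.

```nft
#!/usr/sbin/nft -f
# Added example for the thread above; not Volodymyr's or the reply's ruleset.
# Placeholders: SPAN copies arrive on "eth0" and "eth1"; the collectors
# 192.168.10.100 / .110 from the message sit behind "enp0s25".
# No dst-MAC rewrite is needed: "fwd ip to <addr> device <dev>" resolves the
# collector's MAC from the neighbour cache and never hands the packet to the
# local IP stack, so the "alien" dst MAC of mirrored frames does not matter.
# Load with: nft -f span_lb.nft     Remove with: nft delete table netdev span_lb

table netdev span_lb {

    # Source IP -> chosen collector, forgotten after 5 minutes of silence.
    # Assumed syntax for a map updated from the packet path (nft(8),
    # SET STATEMENT: "{add | update} @mapname { expr : expr }"); verify it.
    map sticky {
        type ipv4_addr : ipv4_addr
        flags dynamic,timeout
        timeout 5m
    }

    chain eth0_ingress {
        type filter hook ingress device "eth0" priority 0; policy accept;

        # Flow-consistent, stateless: the same source/destination pair always
        # hashes to the same collector, so a TCP stream is not split in two.
        meta l4proto { tcp, udp } fwd ip to jhash ip saddr . ip daddr mod 2 map {
            0 : 192.168.10.100,
            1 : 192.168.10.110 } device "enp0s25"

        # Everything else that is IPv4 (ICMP etc.): plain round robin exactly
        # as in the reply; each packet goes to the next collector in turn.
        ether type ip fwd ip to numgen inc mod 2 map {
            0 : 192.168.10.100,
            1 : 192.168.10.110 } device "enp0s25"
    }

    chain eth1_ingress {
        type filter hook ingress device "eth1" priority 0; policy accept;

        # Stateful persistence as the reply suggests: the first packet from a
        # source picks a collector via numgen and records it. "update" only
        # refreshes the timeout of an element that already exists, so later
        # packets keep the original choice instead of being re-balanced.
        update @sticky { ip saddr : numgen inc mod 2 map {
            0 : 192.168.10.100,
            1 : 192.168.10.110 } }

        # Forward to whatever the map holds for this source. A packet with no
        # map entry (e.g. non-IPv4) simply falls through to the accept policy.
        fwd ip to ip saddr map @sticky device "enp0s25"
    }
}
```

The jhash variant needs no per-flow state and is enough when "same source, same collector" only has to hold while the collector list is unchanged; the dynamic map costs memory per source but keeps assignments stable across rule edits and lets an idle source age out via the timeout. `nft list map netdev span_lb sticky` shows the live assignments, which is a quick way to confirm packets are being distributed as intended before trusting the collectors' view.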