[Gllug] Load balancing source IPs

Robert McKay robert at mckay.com
Tue May 20 23:10:41 UTC 2008


On Tue, May 20, 2008 at 3:44 PM, - Tethys <tethys at gmail.com> wrote:
[snip]
> to use as a source IP for each new connection. I currently do this
> with a simple iptables SNAT rule:
>
> iptables -t nat -I POSTROUTING -d 10.0.8.1 -j SNAT --to 10.0.0.16-10.0.0.31
[snip]
> In summary, it works fine with:
>
> CentOS 4.4, kernel 2.6.9-42.0.10.ELsmp, iptables-1.2.11-3.1.RHEL4
>
> On the other hand, it doesn't work with:
>
> Fedora Core 5, kernel 2.6.18-1.2200.fc5, iptables-1.3.5-1.2
> Ubuntu 7.10, kernel 2.6.22-14-server, iptables 1.3.6.0debian1-5ubuntu5

> Any ideas?

From the iptables 1.4 manpage:

In Kernels up to 2.6.10 you can add several --to-destination options.  For
those kernels, if you specify more than one destination address, either via an
address range or multiple --to-destination options, a simple round-robin (one
after another in cycle) load balancing takes place between these addresses.
Later Kernels (>= 2.6.11-rc1) don't have the ability to NAT to multiple ranges
anymore.

The passage is somewhat ambiguous; not being able to NAT to
multiple ranges doesn't seem to entirely rule out NATing to multiple
addresses in one range, but I think this may just be an error in the
documentation. Btw, although the documentation is talking about DNAT,
not SNAT, similar changes appear to have been made to both.

Rob.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
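
An added example, not part of the original post or thread: one way to rotate new connections across the 10.0.0.16-10.0.0.31 pool without relying on how a single SNAT range is handled is one rule per address, gated by the `statistic` match in `nth` mode. It assumes the running kernel and iptables build include that match; the function name `snat_rr_rules` is made up for this example.

```shell
#!/bin/sh
# Added example (not from the original thread). Prints, but does not run,
# one SNAT rule per source address so new connections rotate round-robin.
# Assumption: kernel and iptables provide the "statistic" match (nth mode).
# Only the first packet of a connection traverses the nat table, so the
# nth counter effectively counts connections, not packets.

# snat_rr_rules DEST PREFIX FIRST LAST
#   DEST         destination address to match (10.0.8.1 in the thread)
#   PREFIX       first three octets of the source pool (10.0.0 in the thread)
#   FIRST, LAST  last-octet bounds of the pool (16 and 31 in the thread)
snat_rr_rules() {
    dest=$1 prefix=$2 first=$3 last=$4

    # Validate the octet bounds before emitting anything.
    for n in "$first" "$last"; do
        case $n in
            ''|*[!0-9]*) echo "octets must be numeric" >&2; return 1 ;;
        esac
    done
    if [ "$first" -gt "$last" ] || [ "$last" -gt 255 ]; then
        echo "bad range: $first-$last" >&2
        return 1
    fi

    host=$first
    while [ "$host" -le "$last" ]; do
        remaining=$((last - host + 1))
        if [ "$remaining" -gt 1 ]; then
            # Each rule only sees connections the earlier rules passed over,
            # so taking 1 in every $remaining here gives each address 1/N.
            match="-m statistic --mode nth --every $remaining --packet 0 "
        else
            # Last address: take everything that is left.
            match=""
        fi
        # -A keeps the rules in the order printed (the thread's rule used -I).
        echo "iptables -t nat -A POSTROUTING -d $dest ${match}-j SNAT --to-source $prefix.$host"
        host=$((host + 1))
    done
}

# The pool from the thread; review the output before applying it as root.
snat_rr_rules 10.0.8.1 10.0.0 16 31
```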



