You are not logged in.
- Topics: Active | Unanswered
#1 2014-11-26 17:32:29
- amitbareket
- Member
- Registered: 2014-11-26
- Posts: 1
IPTABLES POSTROUTING Load balancing help
Hi there,
I have an interface with 5 IP addresses assigned to it (as virtual adapters) let's call them x1,x2,x3,x4 and x5.
Currently I have SNAT POSTROUTING forwarding rules from local source range to specific public ip address. Below is an example for the current rule
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source x1.x1.x1.x1
What I would like to achieve is that new established local connections will be postrouted and assigned to one of the IPs above (x1/x2/x3/x4/x5) randomly / round robin. I tired to look for a solution online but I didn't find any information for how to do so. I almost sure its feasible.
Many thanks for your help guys!
Amit
Offline
#2 2014-11-30 21:03:56
- branch
- Member
- Registered: 2014-03-16
- Posts: 209
Re: IPTABLES POSTROUTING Load balancing help
I havn't tried this, but I would let the routing table do the load balancing for outgoing packets and match the source addresses to the outgoing interface so that responses always come from the same interface a request went out. So the iptables rules would look something like:
-A POSTROUTING -o x1 -s 10.8.0.0/24 -j SNAT --to-source x1.x1.x1.x1
-A POSTROUTING -o x2 -s 10.8.0.0/24 -j SNAT --to-source x2.x2.x2.x2
etc.
Offline
#3 2014-11-30 22:02:17
- fukawi2
- Ex-Administratorino
- From: .vic.au
- Registered: 2007-09-28
- Posts: 6,231
- Website
Re: IPTABLES POSTROUTING Load balancing help
I haven't tested, but this should do it:
iptables -t nat -N OUTPUT_LB
iptables -t nat -A OUTPUT_LB -m statistic --mode nth --every 5 --packet 0 -j SNAT --to x1
iptables -t nat -A OUTPUT_LB -m statistic --mode nth --every 5 --packet 1 -j SNAT --to x2
iptables -t nat -A OUTPUT_LB -m statistic --mode nth --every 5 --packet 2 -j SNAT --to x3
iptables -t nat -A OUTPUT_LB -m statistic --mode nth --every 5 --packet 3 -j SNAT --to x4
iptables -t nat -A OUTPUT_LB -m statistic --mode nth --every 5 --packet 4 -j SNAT --to x5
iptables -t nat -A OUTPUT -m state --state NEW -j OUTPUT_LBAlternatively, but this may lead to bias towards x5:
iptables -t nat -N OUTPUT_LB
iptables -t nat -A OUTPUT_LB -m statistic --mode random --probability 0.2 -j SNAT --to x1
iptables -t nat -A OUTPUT_LB -m statistic --mode random --probability 0.2 -j SNAT --to x2
iptables -t nat -A OUTPUT_LB -m statistic --mode random --probability 0.2 -j SNAT --to x3
iptables -t nat -A OUTPUT_LB -m statistic --mode random --probability 0.2 -j SNAT --to x4
iptables -t nat -A OUTPUT_LB -j SNAT --to x5
iptables -t nat -A OUTPUT -m state --state NEW -j OUTPUT_LBLast edited by fukawi2 (2014-11-30 22:03:56)
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
#4 2014-12-01 18:47:06
- aesiris
- Member
- Registered: 2012-02-25
- Posts: 97
Re: IPTABLES POSTROUTING Load balancing help
I haven't tested, but this should do it:
...Alternatively, but this may lead to bias towards x5:
...
I understand it differently: iptable rules are independent and traversed in order, so the unbiased chain should be
iptables -t nat -N OUTPUT_LB
iptables -t nat -A OUTPUT_LB -m statistic --mode nth --every 5 --packet 0 -j SNAT --to x1
iptables -t nat -A OUTPUT_LB -m statistic --mode nth --every 4 --packet 0 -j SNAT --to x2
iptables -t nat -A OUTPUT_LB -m statistic --mode nth --every 3 --packet 0 -j SNAT --to x3
iptables -t nat -A OUTPUT_LB -m statistic --mode nth --every 2 --packet 0 -j SNAT --to x4
iptables -t nat -A OUTPUT_LB -j SNAT --to x5
iptables -t nat -A OUTPUT -m state --state NEW -j OUTPUT_LBiptables -t nat -N OUTPUT_LB
iptables -t nat -A OUTPUT_LB -m statistic --mode random --probability 0.20000 -j SNAT --to x1
iptables -t nat -A OUTPUT_LB -m statistic --mode random --probability 0.25000 -j SNAT --to x2
iptables -t nat -A OUTPUT_LB -m statistic --mode random --probability 0.33333 -j SNAT --to x3
iptables -t nat -A OUTPUT_LB -m statistic --mode random --probability 0.50000 -j SNAT --to x4
iptables -t nat -A OUTPUT_LB -j SNAT --to x5
iptables -t nat -A OUTPUT -m state --state NEW -j OUTPUT_LBOffline
#5 2014-12-01 22:19:26
- fukawi2
- Ex-Administratorino
- From: .vic.au
- Registered: 2007-09-28
- Posts: 6,231
- Website
Re: IPTABLES POSTROUTING Load balancing help
I understand it differently: iptable rules are independent and traversed in order, so the unbiased chain should be
iptables -t nat -N OUTPUT_LB iptables -t nat -A OUTPUT_LB -m statistic --mode random --probability 0.20000 -j SNAT --to x1 iptables -t nat -A OUTPUT_LB -m statistic --mode random --probability 0.25000 -j SNAT --to x2 iptables -t nat -A OUTPUT_LB -m statistic --mode random --probability 0.33333 -j SNAT --to x3 iptables -t nat -A OUTPUT_LB -m statistic --mode random --probability 0.50000 -j SNAT --to x4 iptables -t nat -A OUTPUT_LB -j SNAT --to x5 iptables -t nat -A OUTPUT -m state --state NEW -j OUTPUT_LB
Yes, my maths aren't the greatest, but that makes sense. I think using nth would still be more even, depends if the OP really wants "random" balancing, or just load-balancing.
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline