Problem with DNAT.
Ze'ev Maor
zeevm@harduf.technion.ac.il
Tue, 26 Jun 2001 18:07:14 +0300 (IDT)
True, DNAT isn't a load balancing target. The BALANCE target (which, as you
said, is available as patch-o-matic) only accepts one range of addresses;
since my hosts don't have a contiguous range of addresses, I can't use this
target. Just as you've pointed out, I'd expected DNAT to map into the
other addresses when a connection is already established to the first one;
that didn't happen!
I've started connection after connection (6 or so simultaneous
connections) and they were all mapped to the first address in the list;
that is what I meant in my original post. If someone can assist with
that, I'd appreciate it.
Thanks anyway.
On Tue, 26 Jun 2001, Derrik Pates wrote:
> On Tue, 26 Jun 2001, Zeev Maor wrote:
>
> > I'm trying to configure DNAT as follows:
> > iptables -v -t nat -A PREROUTING -p tcp --dport 22 -s ! 132.68.0.0/16 -j DNAT --to 132.1.2.9 --to 130.1.2.2 etc.
> > I'd expect the DNAT target to try and spread the mappings over the multi
> > range I provide, yet it keeps mapping to the first address in the list
> > although there are 4 of them there.
>
> If you're looking for a load-balancing solution, DNAT ain't it. It tries
> each address in sequence until it finds one that doesn't have a connection
> already, from what I understand. There's supposed to be a BALANCE target
> somewhere, and I believe it would be much more suited if you want
> connections evenly spread across the available IPs. (It is not in the
> kernel, but may be in patch-o-matic.)
>
> Derrik Pates | Sysadmin, Douglas School | #linuxOS on EFnet
> dpates@dsdk12.net | District (dsdk12.net) | #linuxOS on OPN
>
--
----------------------------------------------------------------------------
| Ze'ev Maor | "We all have a little Daemon inside... |
| zeevm@siglab.technion.ac.il | ...Craving to come out and become a kernel"|
----------------------------------------------------------------------------