round-robin aliases

Ryan D netfilter at
Sat Sep 18 00:16:07 CEST 2004

On Fri, Sep 17, 2004 at 02:20:45PM -0400, Jason Opperisano exclaimed:

>On Fri, 2004-09-17 at 13:57, Ryan D wrote:
>> I've been trying to find a way to do this... I have eth0 on the
>> network (eth0 has ip I also have 5 aliases
>> on the same network with these ips:
>> eth0:1
>> eth0:2
>> eth0:3
>> eth0:4
>> I'd like to round-robin the source ip on a per connection basis, meaning,
>> if I ssh to it may come from eth0:1, if I then ssh to
>> it will come from eth0:2, etc.  So the destination ssh
>> machines will see different source IPs.
>> Is this possible with netfilter/iproute2?  The only potential problem I
>> see is with the arp table, but I also don't understand this stuff as well
>> as I would like.
>> -Ryan
>this is the default behavior of the SNAT code:
>  iptables -t nat -A POSTROUTING -o eth0 \
>    -j SNAT --to-source
>layer 2 devices don't have problems with many IPs being associated with
>the same MAC address--they don't particularly like the same MAC address
>being associated with multiple ports.

Is there possibly a piece missing to this? I've set this up and it did
not complain, but I'm still only going out through one IP. Here is the
output from iptables and ip route show:

target     prot opt source               destination
SNAT   all -- anywhere  anywhere  to: dev eth0  proto kernel  scope link
default via dev eth0

