round-robin aliases

Ryan D netfilter at mandrake.us
Sat Sep 18 00:16:07 CEST 2004


On Fri, Sep 17, 2004 at 02:20:45PM -0400, Jason Opperisano exclaimed:

>On Fri, 2004-09-17 at 13:57, Ryan D wrote:
>> I've been trying to find a way to do this... I have eth0 on the
>> 192.168.2.0/24 network (eth0 has ip 192.168.2.10). I also have 5 aliases
>> on the same network with these ips:
>> 
>> eth0:1 192.168.2.11
>> eth0:2 192.168.2.12
>> eth0:3 192.168.2.13
>> eth0:4 192.168.2.14
>> 
>> 
>> I'd like to round-robin the source ip on a per connection basis, meaning,
>> if I ssh to 192.168.2.100 it may come from eth0:1, if I then ssh to
>> 192.168.2.110 it will come from eth0:2, etc.  So the destination ssh
>> machines will see different source IPs.
>> 
>> Is this possible with netfilter/iproute2?  The only potential problem I
>> see is with the arp table, but I also don't understand this stuff as well
>> as I would like.
>> 
>> -Ryan
>
>this is the default behavior of the SNAT code:
>
>  iptables -t nat -A POSTROUTING -o eth0 \
>    -j SNAT --to-source 192.168.2.11-192.168.2.14
>
>layer 2 devices don't have problems with many IPs being associated with
>the same MAC address--they don't particularly like the same MAC address
>being associated with multiple ports.
>



Is there possibly a piece missing to this? I've set this up and it did
not complain, but I'm still only going out through one IP. Here is the
output from iptables and ip route show:

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT   all -- anywhere  anywhere  to:192.168.2.10-192.168.2.11



192.168.2.0/24 dev eth0  proto kernel  scope link
default via 192.168.2.254 dev eth0



Thanks,
Ryan
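The `iptables -t nat -L POSTROUTING` and `ip route show` output quoted in the post can be checked mechanically against the list of alias addresses the rule is supposed to rotate through. The Python below is an added example, not code from the thread or from the netfilter project: it parses the listing format shown above (the sample input is a constructed copy of the output in the post), pulls out the SNAT `--to-source` range, and reports which intended alias addresses the range covers, which it misses, which extra addresses it includes, and whether the range lies inside the interface's link-scope subnet. The alias list and the interface name `eth0` are taken from the post; the function names are this example's own.

```python
"""Audit an iptables SNAT --to-source range against the alias addresses it
is meant to cover.  Added example; the sample inputs below are constructed
copies of the listing and route output quoted in the post."""
import ipaddress
import re

# Constructed copy of the `iptables -t nat -L POSTROUTING` output in the post.
IPTABLES_OUTPUT = """\
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT   all -- anywhere  anywhere  to:192.168.2.10-192.168.2.11
"""

# Constructed copy of the `ip route show` output in the post.
IP_ROUTE_OUTPUT = """\
192.168.2.0/24 dev eth0  proto kernel  scope link
default via 192.168.2.254 dev eth0
"""

# The alias addresses the poster wants to rotate through (eth0:1 .. eth0:4).
INTENDED_ALIASES = ["192.168.2.11", "192.168.2.12", "192.168.2.13", "192.168.2.14"]

# Matches the `to:A.B.C.D` or `to:A.B.C.D-E.F.G.H` suffix of a SNAT rule line.
SNAT_RE = re.compile(r"^SNAT\b.*\bto:(\d+\.\d+\.\d+\.\d+)(?:-(\d+\.\d+\.\d+\.\d+))?")


def parse_snat_ranges(listing):
    """Return [(first, last), ...] address strings, one tuple per SNAT rule.
    A rule with a single address (no '-') yields first == last."""
    ranges = []
    for line in listing.splitlines():
        m = SNAT_RE.match(line.strip())
        if m:
            ranges.append((m.group(1), m.group(2) or m.group(1)))
    return ranges


def link_network(route_output, dev):
    """Return the 'scope link' prefix for dev as a string, or None."""
    for line in route_output.splitlines():
        parts = line.split()
        if (len(parts) >= 3 and parts[1] == "dev" and parts[2] == dev
                and "scope" in parts and "link" in parts):
            return parts[0]
    return None


def audit_snat(listing, route_output, aliases, dev="eth0"):
    """Compare the configured SNAT range(s) with the intended alias set."""
    wanted = {ipaddress.IPv4Address(a) for a in aliases}
    configured = set()
    in_subnet = True
    net = link_network(route_output, dev)
    network = ipaddress.IPv4Network(net) if net else None
    for first, last in parse_snat_ranges(listing):
        lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        # Enumerate every address the kernel may pick from this range.
        for n in range(int(lo), int(hi) + 1):
            configured.add(ipaddress.IPv4Address(n))
        if network is not None and not (lo in network and hi in network):
            in_subnet = False
    return {
        "covered": [str(a) for a in sorted(wanted & configured)],
        "missing": [str(a) for a in sorted(wanted - configured)],
        "unexpected": [str(a) for a in sorted(configured - wanted)],
        "range_in_subnet": in_subnet,
    }


if __name__ == "__main__":
    for key, value in audit_snat(IPTABLES_OUTPUT, IP_ROUTE_OUTPUT, INTENDED_ALIASES).items():
        print(f"{key}: {value}")
```

Run against the output quoted in the post, the configured range 192.168.2.10-192.168.2.11 covers only .11 of the four aliases, includes the primary address .10, and misses .12 through .14; a range that spans the interface's own primary address also means some connections will leave with the address they would have used anyway.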


