packet-based load-balanced stateless iptables firewall
Alistair Tonner
Alistair at nerdnet.ca
Sat Apr 16 20:09:03 CEST 2005
On April 16, 2005 02:03 pm, Visham Ramsurrun wrote:
> Hi to all,
>
> I would like to know how to build a packet-based load-balanced
> stateless iptables firewall.
If your talking about a load-balanced firewall -- there are some odd things
you need to check out.....
>
> I came across this:
>
> In IPtables, load balancing is done by specifying multiple IP
> addresses in a DNAT rule. For example:
>
> iptables -t nat -A PREROUTING -i eth0 -o eth1 -d 192.0.34.72 -j DNAT
> --to-destination 192.168.1.2-192.168.1.4
This rule 'load balances' per connection from the firewall to the destination
host.
Has nowt to do with a load balanced firewall.
>
> Is the load balancing done in a packet-based manner? Does it use the
> round-robin algorithm for it?
Per connection round robin.
>
> Any help will be very much appreciated..
>
> Regards,
> Visham
More information about the netfilter
mailing list