packet-based load-balanced stateless iptables firewall

Alistair Tonner Alistair at nerdnet.ca
Sat Apr 16 20:09:03 CEST 2005


On April 16, 2005 02:03 pm, Visham Ramsurrun wrote:
> Hi to all,
>
> I would like to know how to build a packet-based load-balanced
> stateless iptables firewall.

	If your talking about a load-balanced firewall -- there are some odd things 
you need to check out.....

>
> I came across this:
>
> In IPtables, load balancing is done by specifying multiple IP
> addresses in a DNAT rule. For example:
>
> iptables -t nat -A PREROUTING -i eth0 -o eth1 -d 192.0.34.72 -j DNAT
> --to-destination 192.168.1.2-192.168.1.4

	This rule 'load balances' per connection from the firewall to the destination 
host.  
	Has nowt to do with a load balanced firewall.
>
> Is the load balancing done in a packet-based manner? Does it use the
> round-robin algorithm for it?

	Per connection round robin.
>
> Any help will be very much appreciated..
>
> Regards,
> Visham



More information about the netfilter mailing list