LARTC

Re: [LARTC] load balacing with https home banking

To: Luciano Ruete <luciano@lugmen.org.ar>
Subject: Re: [LARTC] load balacing with https home banking
From: Покотиленко Костик <casper@meteor.dp.ua>
Date: Wed, 20 Dec 2006 12:12:41 +0200
Cc: lartc@mailman.ds9a.nl
In-reply-to: <200612192121.30180.luciano@lugmen.org.ar>
Organization: СК "Метеор"
References: <BAY103-DAV11F47A9149A006B2341CF5B2D00@phx.gbl> <200612192121.30180.luciano@lugmen.org.ar>
Reply-to: casper@meteor.dp.ua
Sender: lartc-bounces@mailman.ds9a.nl
Look at this:

iptables v1.3.6
Kernel 2.6.17

man iptables

search for "SAME" target:

   SAME
       Similar to SNAT/DNAT depending on chain: it takes a range of addresses
       (`--to 1.2.3.4-1.2.3.7') and gives a client the same
       source-/destination-address for each connection.

       --to <ipaddr>-<ipaddr>
              Addresses to map source to. May be specified more than once for
              multiple ranges.

       --nodst
              Don't use the destination-ip in the calculations when selecting
              the new source-ip



On Tue, 19/12/2006 at 21:21 -0300, Luciano Ruete wrote:
> On Monday 11 December 2006 08:15, Marco Berizzi wrote:
> > Hello everybody.
> > I'm running linux 2.6.19 with nth match to
> > alternatively snat outgoing connections to
> > two different ip addresses for load balancing
> > between two adsl lines:
> > Here is:
> >
> > $IPTABLES -t nat -A POSTROUTING -s my_ip --protocol tcp -m multiport --dports 80,443 -m statistic --mode nth --every 2 -j SNAT --to adslA
> > $IPTABLES -t nat -A POSTROUTING -s my_ip --protocol tcp -m multiport --dports 80,443 -j SNAT --to adslB
> >
> > Things are working pretty good, but some
> > applications (https home banking for example),
> > don't work correctly (because the remote
> > server sees two different ip addresses). Is
> > there any trick to tell iptables to snat
> > always with the same source ip for the same
> > destination host? I have also modified SNAT
> > with SAME, but no luck.
> 
> You need to use iptables CONNMARK to keep track of "which conn" with "which 
> ISP", see this[1] thread for reference and a nano HOWTO.
> 
> [1]http://mailman.ds9a.nl/pipermail/lartc/2006q2/018964.html
-- 
Покотиленко Костик <casper@meteor.dp.ua>
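
Added example, not part of the original thread: a small Python model of why per-connection `nth` alternation lets one HTTPS server see two source addresses, while a mapping that is a pure function of the client (and optionally the destination) does not. The hash used here is an assumption for illustration, not the kernel's SAME algorithm, and every address is a constructed sample standing in for `my_ip`, `adslA` and `adslB`.

```python
import hashlib
import ipaddress
from itertools import count

# Constructed sample addresses standing in for adslA / adslB.
POOL = ["198.51.100.10", "203.0.113.20"]

def nth_selector(pool):
    """Model of '-m statistic --mode nth --every 2': alternate per new connection."""
    counter = count()
    def pick(client, dest):
        return pool[next(counter) % len(pool)]
    return pick

def sticky_selector(pool, nodst=False):
    """SAME-like model: the choice depends only on the client address, plus the
    destination unless nodst is set. The hash is an illustrative assumption."""
    def pick(client, dest):
        key = ipaddress.ip_address(client).packed
        if not nodst:
            key += ipaddress.ip_address(dest).packed
        digest = hashlib.sha256(key).digest()
        return pool[int.from_bytes(digest[:4], "big") % len(pool)]
    return pick

def sources_seen_by(pick, connections):
    """Return {destination: set of source addresses that destination observes}."""
    seen = {}
    for client, dest in connections:
        seen.setdefault(dest, set()).add(pick(client, dest))
    return seen

# Constructed trace: one client opens several connections to a bank host,
# interleaved with ordinary browsing to another host.
CLIENT, BANK, OTHER = "10.0.0.5", "192.0.2.80", "192.0.2.81"
TRACE = [(CLIENT, BANK), (CLIENT, OTHER), (CLIENT, BANK),
         (CLIENT, BANK), (CLIENT, OTHER), (CLIENT, BANK)]

def unstable_destinations(pick, trace=TRACE):
    """Destinations that saw more than one source address (session-breaking)."""
    return sorted(d for d, s in sources_seen_by(pick, trace).items() if len(s) > 1)

if __name__ == "__main__":
    print("nth alternation:", unstable_destinations(nth_selector(POOL)))
    print("sticky mapping: ", unstable_destinations(sticky_selector(POOL)))
    print("sticky, nodst:  ", sources_seen_by(sticky_selector(POOL, nodst=True), TRACE))
```
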
