Hi All,

Apologies if this has already been answered but my Google-fu was not
turning anything up.

I'm in the process of converting an existing iptables rule set from a
shell script into Shorewall, and I haven't been able to really find a
good solution to handling a source NAT condition where outgoing
traffic from one internal IP is balanced over more than one external
IP.  To help illustrate (using example IPs), outgoing traffic from
10.0.0.1 would be balanced over external IPs 1.1.1.1, 1.1.1.2 and
1.1.1.3.

If it helps, the existing iptables rules that perform this function are:

iptables -t mangle -A FORWARD -s 10.0.0.1 -j CONNMARK \
    --restore-mark
iptables -t mangle -A FORWARD -p tcp -s 10.0.0.1  -m state \
    --state NEW  -m statistic --mode nth --every 3 --packet 0 -j MARK \
    --set-mark 1
iptables -t mangle -A FORWARD -p tcp -s 10.0.0.1 -m state \
    --state NEW  -m statistic --mode nth --every 3 --packet 1 -j MARK \
    --set-mark 2
iptables -t mangle -A FORWARD -p tcp -s 10.0.0.1 -m state \
    --state NEW  -m statistic --mode nth --every 3 --packet 2 -j MARK \
    --set-mark 3
iptables -t mangle -I POSTROUTING -s 10.0.0.1 -j CONNMARK \
    --save-mark
iptables -t nat -I POSTROUTING -m connmark --mark 1 -p tcp -s 10.0.0.1 \
    -o eth5 -j SNAT --to-source 1.1.1.1
iptables -t nat -I POSTROUTING -m connmark --mark 2 -p tcp -s 10.0.0.1 \
    -o eth5 -j SNAT --to-source 1.1.1.2
iptables -t nat -I POSTROUTING -m connmark --mark 3 -p tcp -s 10.0.0.1 \
    -o eth5 -j SNAT --to-source 1.1.1.3

Is this possible with Shorewall?

Unfortunately, trying to do something like the below didn't work for
us as iptables wasn't using each IP equally:
iptables -t nat -I POSTROUTING -s 10.0.0.1 -o eth5 -j SNAT \
   --to-source 1.1.1.1-1.1.1.3

Thanks,
-- 
Jason Wever
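
Added example, not part of the original post: a small Python model of the three `-m statistic --mode nth --every 3 --packet N` rules above, showing why they split new connections evenly across the three SNAT addresses. It goes one step beyond the post by also modelling a hypothetical terminating target, where the same counters stop being even. The class and function names are assumptions made for this illustration, and the model is a simplification of the match, not kernel code.

```python
from collections import Counter

# Mark -> SNAT address, as in the nat POSTROUTING rules from the post.
SNAT_BY_MARK = {1: "1.1.1.1", 2: "1.1.1.2", 3: "1.1.1.3"}


class NthRule:
    """Model of one '-m statistic --mode nth --every E --packet P' rule.

    Each rule keeps its own counter, advanced only when the rule is
    actually evaluated for a packet.
    """

    def __init__(self, every, packet, mark):
        self.every, self.packet, self.mark = every, packet, mark
        self.seen = 0

    def matches(self):
        hit = self.seen % self.every == self.packet
        self.seen += 1
        return hit


def posted_rules():
    # --every 3 with --packet 0, 1, 2 setting marks 1, 2, 3
    return [NthRule(3, 0, 1), NthRule(3, 1, 2), NthRule(3, 2, 3)]


def simulate(new_connections, terminating=False):
    """Count which SNAT address each NEW connection from 10.0.0.1 gets.

    terminating=False models MARK, which does not end chain traversal,
    so every rule sees every new connection. terminating=True is the
    hypothetical case of a target that stops traversal on a match.
    Later packets of a connection reuse the saved connmark and are
    not modelled here.
    """
    rules = posted_rules()
    result = Counter()
    for _ in range(new_connections):
        mark = 0
        for rule in rules:
            if rule.matches():
                mark = rule.mark
                if terminating:
                    break
        result[SNAT_BY_MARK.get(mark, "unmarked")] += 1
    return result


if __name__ == "__main__":
    print("MARK (non-terminating):", dict(simulate(300)))
    print("terminating target:    ", dict(simulate(300, terminating=True)))
```

With a terminating target, later rules only see the connections that earlier rules skipped, so their counters drift and some connections match no rule at all.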

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
