thr3ads.net - Shorewall users - [Shorewall-users] Shorewall and LoadBalancing ? [May 2003]

If this information is useful, please help other people find it:
Share via:

Michael Albøg Olsen

2003-May-12 10:45 UTC

[Shorewall-users] Shorewall and LoadBalancing ?

Does Shorewall support LoadBalancing via iptables ?

Tom Eastep

2003-May-12 10:53 UTC

head link

[Shorewall-users] Shorewall and LoadBalancing ?

On Mon, 12 May 2003 19:45:32 +0200, Michael Alb?g Olsen 
<michael@powerline.dk> wrote:
> Does Shorewall support LoadBalancing via iptables ?
No.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

Tom Eastep

2003-May-12 10:59 UTC

head link

[Shorewall-users] Shorewall and LoadBalancing ?

On Mon, 12 May 2003 10:53:43 -0700, Tom Eastep <teastep@shorewall.net> 
wrote:
> On Mon, 12 May 2003 19:45:32 +0200, Michael Alb?g Olsen 
> <michael@powerline.dk> wrote:
>
>> Does Shorewall support LoadBalancing via iptables ?
>
> No.
>
Actually, a flat "no" might be a bit too strong. You can use the
<ip1>-
<ip2> syntax in a "DNAT-" rule so if the servers that you want
to load-
balance over have contiguous addresses then you can make it work with a 
single "DNAT-" rule and one or more accompanying ACCEPT rules.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

Tom Eastep

2003-May-12 11:03 UTC

head link

[Shorewall-users] Shorewall and LoadBalancing ?

On Mon, 12 May 2003 10:58:57 -0700, Tom Eastep <teastep@shorewall.net> 
wrote:

>>
>
> Actually, a flat "no" might be a bit too strong. You can use the
<ip1>-
> <ip2> syntax in a "DNAT-" rule so if the servers that you
want to load-
> balance over have contiguous addresses then you can make it work with a 
> single "DNAT-" rule and one or more accompanying ACCEPT rules.
>
Example:

DNAT-	 net	dmz:192.168.1.3-192.168.1.12	tcp	80	-	206.124.146.178
ACCEPT net	dmz:192.168.1.3			tcp	80
ACCEPT net	dmz:192.168.1.4			tcp	80
...
ACCEPT net	dmz:192.168.1.12			tcp	80

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

Tom Eastep

2003-May-14 09:23 UTC

head link

[Shorewall-users] Shorewall and LoadBalancing ?

On Mon, 12 May 2003 20:06:59 +0200, Michael Alb?g Olsen 
<michael@powerline.dk> wrote:
> Maybe you misunderstood me.....
>
> What I mean was, that I want to "load balancing over 2 internet 
> connections"
>
> Like this:
<scrambled ascii art deleted>

a) have entries for the ''net'' zone for both if1 and if2 in 
/etc/shorewall/interfaces.
b) If you are doing MASQ/SNAT, set up duplicate entries through both ISPs.
c) Set up your routing as described in the LARTC Howto, section 1.4.2.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

Shorewall users - May 2003 - Shorewall and LoadBalancing ?

[Shorewall-users] Shorewall and LoadBalancing ?

[Shorewall-users] Shorewall and LoadBalancing ?

[Shorewall-users] Shorewall and LoadBalancing ?

[Shorewall-users] Shorewall and LoadBalancing ?

[Shorewall-users] Shorewall and LoadBalancing ?