Shorewall users - Sep 2006 - DEST load balance - hash instead of round-robin

Hello,
 
Does Shorewall support hash for destination load balancing or is only
round-robin available? In shorewall documentation I found mention only
about round-robin destination balancing. See documantation:
http://www.shorewall.net/Documentation.htm
 
DEST
Describes the destination host(s) to which the rule applies. May take
most of the forms described above for SOURCE plus the following two
additional forms:
*        An IP address followed by a colon and the port number that the
server is listening on (service names from /etc/services are not allowed
- example loc:192.168.1.3:80).
*        A single port number (again, service names are not allowed) --
this form is only allowed if the ACTION is REDIRECT and refers to a
server running on the firewall itself and listening on the specified
port.
Restrictions:
*        MAC addresses may not be specified.
*        In DNAT rules, only IP addresses may be given -- DNS names are
not permitted.
*        You may not specify both an IP address and an interface name in
the DEST column.
Like in the SOURCE column, a range of IP addresses may be specified in
the DEST column as <first address>-<last address>. When the ACTION
is
DNAT or DNAT-, connections will be assigned to the addresses in the
range in a round-robin fashion (load-balancing).
 
 
Sincerely,
--------------------------------------------
Radovan Jablonovsky
Database Architect/DBA
Arrow Transportation Systems Inc. 
Tel: (250) 571-7773
Email: rjablonov@arrow.ca
WWW: www.arrowtransportation.com
 
 


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

Radovan Jablonov wrote:
> Hello,
> 
>  
> 
> Does Shorewall support hash for destination load balancing or is only
> round-robin available? In shorewall documentation I found mention only
> about round-robin destination balancing. See documantation:
> http://www.shorewall.net/Documentation.htm
AFAIK, round-robin is the only form of DNAT load-balancing that is supported by
Netfilter so Shorewall has the same restriction.

From ''man iptables'':

   DNAT
        This target is only valid in the nat table, in the PREROUTING and OUTPUT
	chains, and user-defined chains which are only called from those chains.
        It  specifies that the destination address of the packet should be
	modified (and all future packets in this connection will also be
	mangled), and rules should cease being examined.  It takes one type of
	option:

       --to-destination ipaddr[-ipaddr][:port-port]
              which can specify a single new destination IP address, an
              inclusive range of IP addresses, and optionally, a port  range
              (which  is  only valid if the rule also specifies -p tcp or -p
              udp).  If no port range is specified, then the destination port
              will never be modified.

              You  can  add several --to-destination options.  If you specify
              more than one destination address, either via an address range or
              multiple --to-destination options, a simple round-robin (one after
              another in cycle) load balancing takes place between these
              addresses.


-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV