Radovan Jablonov wrote:> Hello,
>
>
>
> Does Shorewall support hash for destination load balancing or is only
> round-robin available? In shorewall documentation I found mention only
> about round-robin destination balancing. See documantation:
> http://www.shorewall.net/Documentation.htm
AFAIK, round-robin is the only form of DNAT load-balancing that is supported by
Netfilter so Shorewall has the same restriction.
From ''man iptables'':
DNAT
This target is only valid in the nat table, in the PREROUTING and OUTPUT
chains, and user-defined chains which are only called from those chains.
It specifies that the destination address of the packet should be
modified (and all future packets in this connection will also be
mangled), and rules should cease being examined. It takes one type of
option:
--to-destination ipaddr[-ipaddr][:port-port]
which can specify a single new destination IP address, an
inclusive range of IP addresses, and optionally, a port range
(which is only valid if the rule also specifies -p tcp or -p
udp). If no port range is specified, then the destination port
will never be modified.
You can add several --to-destination options. If you specify
more than one destination address, either via an address range or
multiple --to-destination options, a simple round-robin (one after
another in cycle) load balancing takes place between these
addresses.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV