Hi,
I just added these to the rules file:

DNAT net loc:192.168.8.35 tcp - - 202.158.70.38
DNAT net loc:192.168.8.36 tcp - - 202.158.70.38
DNAT net loc:192.168.8.37 tcp - - 202.158.70.38

And these to the nat file:

202.158.70.38 eth0 192.168.8.35 no no
202.158.70.38 eth0 192.168.8.36 no no
202.158.70.38 eth0 192.168.8.37 no no

I tried to connect to the internet and checked the IP, and all hosts return
202.158.70.38. The question is: when there is an incoming packet to
202.158.70.38, is it going to be forwarded to all hosts, or will it match the
top declared rule and nat entry, which in this case is 192.168.8.35? TIA.

Willy

------------------------------------------------------------------------------
sangprabv wrote:
> Hi,
> I just added these to the rules file:
>
> DNAT net loc:192.168.8.35 tcp - - 202.158.70.38
> DNAT net loc:192.168.8.36 tcp - - 202.158.70.38
> DNAT net loc:192.168.8.37 tcp - - 202.158.70.38
>
> And these to the nat file:
>
> 202.158.70.38 eth0 192.168.8.35 no no
> 202.158.70.38 eth0 192.168.8.36 no no
> 202.158.70.38 eth0 192.168.8.37 no no
>
> I tried to connect to the internet and checked the IP, and all hosts return
> 202.158.70.38. The question is: when there is an incoming packet to
> 202.158.70.38, is it going to be forwarded to all hosts, or will it match the
> top declared rule and nat entry, which in this case is 192.168.8.35? TIA.

It will match the first DNAT rule.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
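The first-match behaviour described in the reply above, as an added example that is not part of the original thread or of Shorewall itself: a small checker that reads rules-file lines and reports DNAT rules that an earlier DNAT rule already covers. The column handling is a simplification (only the first seven columns, "-" treated as "any", exact string comparison otherwise), and the function names are hypothetical.

```python
from typing import NamedTuple

# The three rules from the first post, used as sample input.
RULES = """\
DNAT net loc:192.168.8.35 tcp - - 202.158.70.38
DNAT net loc:192.168.8.36 tcp - - 202.158.70.38
DNAT net loc:192.168.8.37 tcp - - 202.158.70.38
"""

class Rule(NamedTuple):
    lineno: int
    action: str
    source: str
    dest: str
    proto: str
    dport: str
    sport: str
    origdest: str

def parse_rules(text):
    """Parse rules-file lines into Rule tuples (first seven columns only)."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        cols = line.split()
        cols += ["-"] * (7 - len(cols))           # omitted columns mean "any"
        action, source, dest, proto, dport, sport, origdest = cols[:7]
        rules.append(Rule(n, action, source, dest, proto.lower(),
                          dport, sport, origdest))
    return rules

def covers(earlier, later):
    """True if every packet matching `later` already matches `earlier`."""
    if earlier.source != later.source:
        return False
    # Compare proto, dport, sport, origdest; "-" in the earlier rule is a wildcard.
    return all(e in ("-", l) for e, l in zip(earlier[4:], later[4:]))

def shadowed_dnat(rules):
    """Return (shadowed_rule, shadowing_rule) pairs for DNAT rules that never match."""
    dnat = [r for r in rules if r.action.split(":")[0] in ("DNAT", "DNAT-")]
    findings = []
    for i, later in enumerate(dnat):
        for earlier in dnat[:i]:
            if covers(earlier, later):
                findings.append((later, earlier))
                break
    return findings

if __name__ == "__main__":
    for later, earlier in shadowed_dnat(parse_rules(RULES)):
        print(f"line {later.lineno} ({later.dest}) never matches: "
              f"shadowed by line {earlier.lineno} ({earlier.dest})")
```

Run against the posted rules, it reports the rules for 192.168.8.36 and 192.168.8.37 as shadowed by the rule for 192.168.8.35.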
Is there any way to load balance between hosts?

Willy

On Fri, 2009-07-03 at 06:32 -0700, Tom Eastep wrote:
> sangprabv wrote:
> > Hi,
> > I just added these to the rules file:
> >
> > DNAT net loc:192.168.8.35 tcp - - 202.158.70.38
> > DNAT net loc:192.168.8.36 tcp - - 202.158.70.38
> > DNAT net loc:192.168.8.37 tcp - - 202.158.70.38
> >
> > And these to the nat file:
> >
> > 202.158.70.38 eth0 192.168.8.35 no no
> > 202.158.70.38 eth0 192.168.8.36 no no
> > 202.158.70.38 eth0 192.168.8.37 no no
> >
> > I tried to connect to the internet and checked the IP, and all hosts return
> > 202.158.70.38. The question is: when there is an incoming packet to
> > 202.158.70.38, is it going to be forwarded to all hosts, or will it match the
> > top declared rule and nat entry, which in this case is 192.168.8.35? TIA.
>
> It will match the first DNAT rule.
>
> -Tom

------------------------------------------------------------------------------
sangprabv wrote:
> Is there any way to load balance between hosts?

"man shorewall-rules" and search for "robin".

-Tom

------------------------------------------------------------------------------
I have a question about round robin in shorewall. Will incoming traffic from
the same IP always hit the same internal host? Or will it randomly pick one of
the internal hosts?

On Sat, 2009-07-04 at 12:37 -0700, Tom Eastep wrote:
> sangprabv wrote:
> > Is there any way to load balance between hosts?
>
> "man shorewall-rules" and search for "robin".
>
> -Tom

------------------------------------------------------------------------------
sangprabv wrote:
> I have a question about round robin in shorewall. Will incoming traffic from
> the same IP always hit the same internal host? Or will it randomly pick one of
> the internal hosts?

First of all, there is no "round robin in shorewall"; the round-robin
algorithm is implemented in Netfilter and works exactly as documented --
connections are assigned to internal IP addresses in round-robin fashion
without regard to existing connections. "man iptables" and read about the DNAT
target.

-Tom