Round-robin load-balancing NAT
==============================

Public domain

********************************************************************************

### General script

The script below assigns `COUNT` alias addresses to `ETH`, marks each new locally generated port-80 connection with the next mark in a round-robin sequence (`-m statistic --mode nth`), stores the mark in the connection with CONNMARK, SNATs each connection to the alias address that matches its mark, and redirects inbound port-80 traffic to the local cache on port 3128.

```bash
#!/bin/bash

# Configuration
ETH="eth0"
MASK="255.255.255.192"
PREFIX="217.218.229"
START="195"
COUNT="60"

# IP Setting
for I in $(seq 0 $(($COUNT - 1))); do
    IP="$PREFIX.$(($START+$I))"
    ifconfig $ETH:$I $IP netmask $MASK
done

# Flush tables
iptables -t nat -F
iptables -t mangle -F

# Load Balancing
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
for I in $(seq 1 $COUNT); do
    iptables -t mangle -A OUTPUT -p tcp --dport 80 -m state --state NEW -m statistic --mode nth --every $COUNT --packet $I -j MARK --set-mark $I
done
iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark
for I in $(seq 0 $(($COUNT - 1))); do
    IP="$PREFIX.$(($START+$I))"
    iptables -t nat -A POSTROUTING -m connmark --mark $(($I + 1)) -p tcp --dport 80 -j SNAT --to $IP
done

# Cache Redirect
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 3128
```

********************************************************************************

### Explanation: Configuration

The sections that follow use a smaller configuration (three alias addresses in a private /24) so the expanded commands and the resulting tables stay readable:

```bash
ETH="eth0"
MASK="255.255.255.0"
PREFIX="192.168.10"
START="16"
COUNT="3"
```

********************************************************************************

### Explanation: Commands

With that configuration the script expands to these commands:

```bash
ifconfig eth0:0 192.168.10.16 netmask 255.255.255.0
ifconfig eth0:1 192.168.10.17 netmask 255.255.255.0
ifconfig eth0:2 192.168.10.18 netmask 255.255.255.0

iptables -t nat -F
iptables -t mangle -F

iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT -p tcp --dport 80 -m state --state NEW -m statistic --mode nth --every 3 --packet 1 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -p tcp --dport 80 -m state --state NEW -m statistic --mode nth --every 3 --packet 2 -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -p tcp --dport 80 -m state --state NEW -m statistic --mode nth --every 3 --packet 3 -j MARK --set-mark 3
iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark

iptables -t nat -A POSTROUTING -m connmark --mark 1 -p tcp --dport 80 -j SNAT --to 192.168.10.16
iptables -t nat -A POSTROUTING -m connmark --mark 2 -p tcp --dport 80 -j SNAT --to 192.168.10.17
iptables -t nat -A POSTROUTING -m connmark --mark 3 -p tcp --dport 80 -j SNAT --to 192.168.10.18

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 3128
```

********************************************************************************

### Explanation: ifconfig

Interfaces after the script has run (`eth0` keeps its original address; `eth0:0` to `eth0:2` are the aliases):

```text
eth0      Link encap:Ethernet  HWaddr 00:50:BF:96:A5:83
          inet addr:172.16.20.10  Bcast:172.16.20.255  Mask:255.255.255.0
          inet6 addr: fe80::250:bfff:fe96:a583/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:110 errors:0 dropped:0 overruns:0 frame:0
          TX packets:91 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:10876 (10.6 KiB)  TX bytes:10997 (10.7 KiB)
          Interrupt:10 Base address:0x8000

eth0:0    Link encap:Ethernet  HWaddr 00:50:BF:96:A5:83
          inet addr:192.168.10.16  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:10 Base address:0x8000

eth0:1    Link encap:Ethernet  HWaddr 00:50:BF:96:A5:83
          inet addr:192.168.10.17  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:10 Base address:0x8000

eth0:2    Link encap:Ethernet  HWaddr 00:50:BF:96:A5:83
          inet addr:192.168.10.18  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:10 Base address:0x8000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
```

********************************************************************************

### Explanation: mangle

The mangle table as listed with `iptables -t mangle -L -v -n`. The restore rule runs first so an established connection carries its mark on every packet; the three nth rules only see `NEW` connections, and each one claims one connection in three:

```text
Chain PREROUTING (policy ACCEPT 120 packets, 8256 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 120 packets, 8256 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 86 packets, 10792 bytes)
 pkts bytes target     prot opt in     out     source               destination
   86 10792 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 state NEW statistic mode nth every 3 packet 1 MARK set 0x1
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 state NEW statistic mode nth every 3 packet 2 MARK set 0x2
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 state NEW statistic mode nth every 3 packet 3 MARK set 0x3

Chain POSTROUTING (policy ACCEPT 86 packets, 10792 bytes)
 pkts bytes target     prot opt in     out     source               destination
   86 10792 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save
```

********************************************************************************

### Explanation: nat

The nat table as listed with `iptables -t nat -L -v -n`. Mangle POSTROUTING saves the mark into the connection before nat POSTROUTING is consulted, so the `connmark` match sees it on the first packet, which is the only packet the nat table evaluates for a connection:

```text
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT 1 packets, 116 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK match 0x1 tcp dpt:80 to:192.168.10.16
    0     0 SNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK match 0x2 tcp dpt:80 to:192.168.10.17
    0     0 SNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK match 0x3 tcp dpt:80 to:192.168.10.18

Chain OUTPUT (policy ACCEPT 1 packets, 116 bytes)
 pkts bytes target     prot opt in     out     source               destination
```

********************************************************************************

_BY: Pejman Moghadam_
_TAG: nat, load-balancing, iptables, bash, bash-script_
_DATE: 2009-05-27 09:15:20_
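The mark/SNAT pipeline above, modelled as an added example in Python (not part of the original page): it plays constructed outbound flows through the mangle OUTPUT, mangle POSTROUTING and nat POSTROUTING steps of the three-address configuration and shows that new port-80 connections are spread over .16, .17 and .18 in turn while every later packet of a connection keeps the source address it was first given. The `Firewall` and `distribute` names and the sample flows are assumptions of this example.

```python
# Added example (not from the original page): a minimal model of how the
# page's mangle and nat rules act on locally generated packets, using the
# page's 3-address configuration. Rule order mirrors the script: mangle
# OUTPUT (CONNMARK restore, then the nth MARK rules on NEW), mangle
# POSTROUTING (CONNMARK save), nat POSTROUTING (SNAT keyed on the connmark,
# consulted only for the first packet of a connection, as the nat table is).
PREFIX, START, COUNT = "192.168.10", 16, 3
ORIGINAL_SRC = "172.16.20.10"                       # eth0 address from the page
SNAT_IPS = {i + 1: f"{PREFIX}.{START + i}" for i in range(COUNT)}  # mark -> IP


class Firewall:
    def __init__(self):
        self.conntrack = {}              # flow 4-tuple -> {"mark", "snat"}
        self.nth_counter = [0] * COUNT   # xt_statistic keeps one counter per rule

    def _nth_match(self, rule_idx):
        """-m statistic --mode nth --every COUNT --packet rule_idx+1.
        MARK is non-terminating, so every NEW packet traverses all COUNT rules
        and bumps every counter; rule k fires on packets k, k+COUNT, k+2*COUNT..."""
        self.nth_counter[rule_idx] += 1
        return self.nth_counter[rule_idx] % COUNT == (rule_idx + 1) % COUNT

    def send(self, flow):
        """Return the source address a packet of `flow` leaves with.
        flow = (src_ip, src_port, dst_ip, dst_port)."""
        entry = self.conntrack.get(flow)
        mark = entry["mark"] if entry is not None else 0   # CONNMARK --restore-mark
        if entry is None:                              # -m state --state NEW
            if flow[3] == 80:                          # -p tcp --dport 80
                for idx in range(COUNT):
                    if self._nth_match(idx):
                        mark = idx + 1                 # MARK --set-mark
            entry = self.conntrack[flow] = {}
        entry["mark"] = mark                           # CONNMARK --save-mark
        if "snat" not in entry:                        # nat POSTROUTING: first packet only
            entry["snat"] = SNAT_IPS.get(mark, ORIGINAL_SRC)
        return entry["snat"]


def distribute(n_connections):
    """Open n web connections, then send one more packet on each; return both
    lists of source addresses to check round-robin spread and per-flow stickiness."""
    fw = Firewall()
    # Constructed sample flows: the local proxy opening outbound connections.
    flows = [(ORIGINAL_SRC, 40000 + i, "203.0.113.5", 80) for i in range(n_connections)]
    first = [fw.send(f) for f in flows]
    second = [fw.send(f) for f in flows]
    return first, second
```

A flow to any port other than 80 is never marked and leaves with the interface's own address, which matches the `--dport 80` restriction on both the MARK and SNAT rules.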