Public domain
#!/bin/bash
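# Configuration
ETH="eth0"              # interface that receives the alias addresses
MASK="255.255.255.192"  # netmask applied to every alias
PREFIX="217.218.229"    # first three octets of the address pool
START="195"             # last octet of the first pool address
COUNT="60"              # number of pool addresses (= number of SNAT targets)

# Stop on the first failing command or unset variable, so a failed address
# setup is never followed by a flush of the live nat/mangle rules.
set -eu

# The pool is PREFIX.START .. PREFIX.(START+COUNT-1); the last octet must
# stay a valid octet and there must be at least one address.
if ((COUNT < 1 || START + COUNT - 1 > 255)); then
  printf 'invalid address pool: START=%s COUNT=%s\n' "$START" "$COUNT" >&2
  exit 1
fi

# IP Setting: one alias ETH:n per pool address, n = 0 .. COUNT-1.
for ((n = 0; n < COUNT; n++)); do
  ifconfig "$ETH:$n" "$PREFIX.$((START + n))" netmask "$MASK"
done

# Flush tables
# NOTE: -F without a chain name clears every chain of the table, so rules
# that other tools installed in nat or mangle on this host are removed too.
iptables -t nat -F
iptables -t mangle -F

# Load Balancing
# Copy the connection mark back onto each outgoing packet so that an already
# marked connection keeps the mark (and thus the source address) it was given.
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
# Spread NEW locally generated tcp/80 packets over marks 1..COUNT, one rule
# per mark. iptables-extensions(8) gives the range of --packet as
# 0 <= p <= n-1, so the offsets run 0..COUNT-1 while the marks stay 1..COUNT;
# an offset equal to --every is outside that documented range.
for ((n = 1; n <= COUNT; n++)); do
  iptables -t mangle -A OUTPUT -p tcp --dport 80 -m state --state NEW \
    -m statistic --mode nth --every "$COUNT" --packet "$((n - 1))" \
    -j MARK --set-mark "$n"
done
# Store the packet mark on the connection for the restore rule above.
iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark
# Mark k is rewritten to the k-th pool address (mark 1 -> PREFIX.START).
for ((n = 0; n < COUNT; n++)); do
  iptables -t nat -A POSTROUTING -m connmark --mark "$((n + 1))" \
    -p tcp --dport 80 -j SNAT --to-source "$PREFIX.$((START + n))"
done

# Cache Redirect
# NOTE(review): the rule has no -i / -s match, so tcp/80 traffic arriving on
# any interface is handed to local port 3128. Access control then rests
# entirely on the listener behind that port; restrict the rule to the
# client-facing interface or source range if that is not intended.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128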
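# Example: the same setup written out for a pool of three private addresses.
# The five assignments record the configuration the commands correspond to;
# the commands themselves use the literal values.
ETH="eth0"
MASK="255.255.255.0"
PREFIX="192.168.10"
START="16"
COUNT="3"

# One alias per pool address.
ifconfig eth0:0 192.168.10.16 netmask 255.255.255.0
ifconfig eth0:1 192.168.10.17 netmask 255.255.255.0
ifconfig eth0:2 192.168.10.18 netmask 255.255.255.0

# NOTE: -F without a chain name clears every chain of the table, including
# rules that other tools installed in nat or mangle on this host.
iptables -t nat -F
iptables -t mangle -F

# Copy the connection mark back onto each outgoing packet.
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
# Spread NEW tcp/80 packets over marks 1..3. iptables-extensions(8) gives the
# range of --packet as 0 <= p <= n-1, so the offsets are 0..2 here. The
# captured iptables listing further down this page was taken with offsets
# 1..3 and therefore shows "packet 1" to "packet 3".
iptables -t mangle -A OUTPUT -p tcp --dport 80 -m state --state NEW \
  -m statistic --mode nth --every 3 --packet 0 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -p tcp --dport 80 -m state --state NEW \
  -m statistic --mode nth --every 3 --packet 1 -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -p tcp --dport 80 -m state --state NEW \
  -m statistic --mode nth --every 3 --packet 2 -j MARK --set-mark 3
# Store the packet mark on the connection for the restore rule above.
iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark

# Mark k is rewritten to the k-th pool address.
iptables -t nat -A POSTROUTING -m connmark --mark 1 -p tcp --dport 80 \
  -j SNAT --to-source 192.168.10.16
iptables -t nat -A POSTROUTING -m connmark --mark 2 -p tcp --dport 80 \
  -j SNAT --to-source 192.168.10.17
iptables -t nat -A POSTROUTING -m connmark --mark 3 -p tcp --dport 80 \
  -j SNAT --to-source 192.168.10.18

# NOTE(review): no -i / -s match, so tcp/80 arriving on any interface is
# handed to local port 3128; access control rests on that listener unless
# the rule is narrowed to the client-facing interface or source range.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128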
eth0 Link encap:Ethernet HWaddr 00:50:BF:96:A5:83
inet addr:172.16.20.10 Bcast:172.16.20.255 Mask:255.255.255.0
inet6 addr: fe80::250:bfff:fe96:a583/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:110 errors:0 dropped:0 overruns:0 frame:0
TX packets:91 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:10876 (10.6 KiB) TX bytes:10997 (10.7 KiB)
Interrupt:10 Base address:0x8000
eth0:0 Link encap:Ethernet HWaddr 00:50:BF:96:A5:83
inet addr:192.168.10.16 Bcast:192.168.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:10 Base address:0x8000
eth0:1 Link encap:Ethernet HWaddr 00:50:BF:96:A5:83
inet addr:192.168.10.17 Bcast:192.168.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:10 Base address:0x8000
eth0:2 Link encap:Ethernet HWaddr 00:50:BF:96:A5:83
inet addr:192.168.10.18 Bcast:192.168.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:10 Base address:0x8000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Chain PREROUTING (policy ACCEPT 120 packets, 8256 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 120 packets, 8256 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 86 packets, 10792 bytes)
pkts bytes target prot opt in out source destination
86 10792 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore
0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW statistic mode nth every 3 packet 1 MARK set 0x1
0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW statistic mode nth every 3 packet 2 MARK set 0x2
0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW statistic mode nth every 3 packet 3 MARK set 0x3
Chain POSTROUTING (policy ACCEPT 86 packets, 10792 bytes)
pkts bytes target prot opt in out source destination
86 10792 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK save
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
Chain POSTROUTING (policy ACCEPT 1 packets, 116 bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK match 0x1 tcp dpt:80 to:192.168.10.16
0 0 SNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK match 0x2 tcp dpt:80 to:192.168.10.17
0 0 SNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK match 0x3 tcp dpt:80 to:192.168.10.18
Chain OUTPUT (policy ACCEPT 1 packets, 116 bytes)
pkts bytes target prot opt in out source destination
BY: Pejman Moghadam
TAG: nat, load-balancing, iptables, bash, bash-script
DATE: 2009-05-27 09:15:20