Saturday, September 4, 2010

netfilter statistics match load balancing

I find that there is a dearth of documentation on the appropriate syntax for the newer netfilter statistics mode match. It seems that it has changed a few times over the years.

# Rule 1: every 3rd NEW connection packet reaching this rule -> server 1.
# Newer iptables insists on --packet together with --every in nth mode;
# --packet 0 is the default counter offset, so behaviour is unchanged.
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -m state --state NEW -m statistic \
--mode nth --every 3 --packet 0 -j DNAT --to-destination 192.168.1.1:80

# Rule 2: every 2nd packet of what rule 1 did not take -> server 2.
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -m state --state NEW -m statistic \
--mode nth --every 2 --packet 0 -j DNAT --to-destination 192.168.1.2:80

# Rule 3: everything that is left -> server 3.
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -m state --state NEW -m statistic \
--mode nth --every 1 --packet 0 -j DNAT --to-destination 192.168.1.3:80

To clarify this: DNAT is a terminating target, so each rule only sees what the rules above it let through, and the fractions compound. Every third packet (33%) matches the first rule. Of the remaining 66%, every other one (50%) matches the second. Then 1 out of 1 packets (all of them) match the last. Because only packets in state NEW reach these rules, the split is effectively per new connection: the rest of each connection follows the NAT mapping that conntrack recorded for its first packet. This set of rules will DNAT your incoming web traffic evenly across three servers.
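The compounding above is easy to get wrong if the rules are reordered. The following simulation of the nth-mode counters is an added example, not part of the original post: it walks new-connection packets through the three rules as posted and through the same rules with the first two swapped, counting how many land on each backend. The addresses are the post's; the model (a per-rule counter, match when the count modulo --every equals --packet) is an assumption that mirrors the documented nth semantics.

```python
"""Simulate the iptables `-m statistic --mode nth` DNAT cascade."""
from collections import Counter

# One rule of a terminating DNAT cascade: (every, packet, destination).
# `--every n --packet p` matches the p-th of every n packets that reach
# the rule (0-indexed); each rule keeps its own counter.
Rule = tuple[int, int, str]


def distribute(rules: list[Rule], packets: int) -> Counter[str]:
    """Walk `packets` NEW-state packets through the cascade and return how
    many were DNATed to each destination ("unmatched" if no rule fired)."""
    seen = [0] * len(rules)            # per-rule counter, as the kernel keeps
    result: Counter[str] = Counter()
    for _ in range(packets):
        for i, (every, packet, dst) in enumerate(rules):
            hit = seen[i] % every == packet
            seen[i] += 1               # counter advances whether or not it hit
            if hit:                    # DNAT terminates: later rules not seen
                result[dst] += 1
                break
        else:
            result["unmatched"] += 1
    return result


# The post's rule set: every 3rd, then every 2nd of the rest, then all.
POST_RULES: list[Rule] = [
    (3, 0, "192.168.1.1:80"),
    (2, 0, "192.168.1.2:80"),
    (1, 0, "192.168.1.3:80"),
]

# Same rules with the first two swapped: the split is no longer even
# (150 / 50 / 100 out of 300), because rule 2 now only sees odd packets.
REORDERED: list[Rule] = [POST_RULES[1], POST_RULES[0], POST_RULES[2]]

if __name__ == "__main__":
    print("as posted :", dict(distribute(POST_RULES, 300)))
    print("reordered :", dict(distribute(REORDERED, 300)))
```

Dropping the final `--every 1` catch-all leaves the packets no rule claimed untouched, which the simulation reports as "unmatched".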

