[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: rdr and round robin.. only two IPs allowed on right hand side??
From:       Darren Reed <darrenr () reed ! wattle ! id ! au>
Date:       2005-12-05 17:41:46
Message-ID: 200512051741.jB5HfkRS025171 () firewall ! reed ! wattle ! id ! au
[Download RAW message or body]

> Time for another question of my own.. ;)
> 
> I have a large ipnat installation on one box, currently with over 500
> rules.  I'm trying to consolidate some of these rules, many of them are of
> the form:
> 
> rdr if0 10.0.0.0/24 port 80 -> 192.168.0.1 port 80 tcp round-robin
> rdr if0 10.0.0.0/24 port 80 -> 192.168.0.2 port 80 tcp round-robin
> rdr if0 10.0.0.0/24 port 80 -> 192.168.0.3 port 80 tcp round-robin
..
> Anwyay, when trying to consolidate a block like the above to :
> rdr if0 10.0.0.0/24 port 80 -> 192.168.0.1,192.168.0.2,192.168.0.3 port 80
> tcp round-robin
> 
> ipnat fails with :
> 20: can't resolve hostname: 192.168.0.2,192.168.0.3
> 20: syntax error in "rdr"
> 
> It works fine when only two IPs are used such as:
> rdr if0 10.0.0.0/24 port 80 -> 192.168.0.1,192.168.0.2 port 80 tcp
> round-robin
> 
> But not with any more than two.. I'm guessing this is just a limitation of
> the current rule parser.  Has it been fixed in CVS or anywhere else?  If
> not, is there any intention of doing so?

No, the limitation is in the way the rules are constructed, not the parser.

And for now, that can't change.

Darren
[prev in list] [next in list] [prev in thread] [next in thread]