
List:       netfilter
Subject:    Re: Advice on best way to set up multi-route NAT for lots of IPs
From:       Ed W <lists () wildgooses ! com>
Date:       2012-01-27 23:54:21
Message-ID: 4F23392D.5010608 () wildgooses ! com

On 02/01/2012 13:17, Anton Melser wrote:
>> you can probably also do this by adding
>> the public IPs to your mailserver?
> Definitely, makes load shifting very complicated though...

OK, so if you want an external "load balancer" then your problem reduces 
to *indicating* the desired mapped source address.

If the NAT is on an external box then you can't use fwmarks.  You can 
use either source port or dest port.  You could also add all IPs to all 
servers, but that seems rather tricky to make work in practice.  I think 
your best bet might be a hack, to use dest port as the indicator for 
"source IP".  Set your DNAT to map some range of dest ports to change 
the source to the IP and the dest port to 25. This will allow all 
machines to send and masquerade as any source IP...

I haven't quite thought this through, but I think it will work?


Good luck

Ed W
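
The dest-port-as-selector idea from the message above, sketched as an added example (not code from the message or from the netfilter project). The interface names, selector ports 2501/2502 and 203.0.113.x addresses are assumptions, and keying the SNAT step on the conntrack match's `--ctorigdstport` is one way to carry the selector past the DNAT rewrite, not something the message specifies.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the NAT box; it does
# not load anything. Interface names and all addresses below are assumptions.
LAN_IF=eth1   # side facing the mail servers
WAN_IF=eth0   # side holding the public IPs

# stdin: one "selector_port public_ip" pair per line.
gen_nat_rules() {
    seen=" "; pre=""; post=""
    nl='
'
    while read -r port ip; do
        case "$port" in ''|'#'*) continue ;; esac
        # Selector must be numeric, in range, and not the real SMTP port.
        case "$port" in *[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ] || [ "$port" -eq 25 ]; then
            echo "bad port: $port" >&2; return 1
        fi
        # Loose dotted-quad check (octet range is not verified).
        case "$ip" in
            ''|*[!0-9.]*|*..*|.*|*.|*.*.*.*.*) echo "bad ip: $ip" >&2; return 1 ;;
            *.*.*.*) ;;
            *) echo "bad ip: $ip" >&2; return 1 ;;
        esac
        # One selector port may map to only one source address.
        case "$seen" in *" $port "*) echo "duplicate port: $port" >&2; return 1 ;; esac
        seen="$seen$port "
        # Rewrite the selector port back to 25; destination address is untouched.
        pre="$pre-A PREROUTING -i $LAN_IF -p tcp --dport $port -j DNAT --to-destination :25$nl"
        # conntrack still records the original selector port, so key SNAT on it.
        post="$post-A POSTROUTING -o $WAN_IF -p tcp -m conntrack --ctorigdstport $port -j SNAT --to-source $ip$nl"
    done
    printf '*nat\n:PREROUTING ACCEPT [0:0]\n:POSTROUTING ACCEPT [0:0]\n%s%sCOMMIT\n' "$pre" "$post"
}

# Constructed mapping (RFC 5737 documentation addresses).
gen_nat_rules <<'EOF'
2501 203.0.113.11
2502 203.0.113.12
EOF
```

With this mapping a mail server picks its public source address by connecting to the remote MX on port 2501 or 2502 instead of 25. Review the printed rules before feeding them to `iptables-restore`, which replaces the existing nat table unless run with `--noflush`.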