Thread: SuSEfirewall2 / IPTables and load balance outbound connections across multiple IPs

  1. #1

    I am running SuSEfirewall2 and I want to run a command like this:
    iptables -t nat -A POSTROUTING -o eth0 -p tcp --dport 443 -j SNAT --to 86.58.111.131-86.58.111.189

    This command doesn't have any effect...


    And this is wrong:
    iptables -t nat -A forward_ext -o eth0 -p tcp --dport 443 -j SNAT --to 86.58.111.131-86.58.111.189


    Can someone help? Or come up with a suggestion.... :-)

  2. #2

    Quote (originally posted by powerbart):
        I am running SuSEfirewall2 and I want to run a command like this:
        iptables -t nat -A POSTROUTING -o eth0 -p tcp --dport 443 -j SNAT --to 86.58.111.131-86.58.111.189

        This command doesn't have any effect...

    Please do not only post your conclusions, but show why you came to those conclusions. E.g. when the above statement has no effect, then show a list of your IP tables, so we all can see it isn't there.

    Quote (originally posted by powerbart):
        And this is wrong:
        iptables -t nat -A forward_ext -o eth0 -p tcp --dport 443 -j SNAT --to 86.58.111.131-86.58.111.189

    Again, you post a conclusion. Should we confirm that it is wrong? Do you think it should not be wrong? Or is there an error message you did not show?

    Do not forget that a good problem description has three items:
    • what did you do;
    • what did you expect to happen;
    • what happened instead.

    No need to make it a bullet list or in the same sequence, but the information must be there. Else you press your potential helpers to make all sorts of assumptions and guesses, which will lead to confusion.
    Henk van Velden
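
The listing that post #2 asks for can also be checked mechanically. The following is an added example, not part of the thread: it reads `iptables-save -t nat` output and reports whether the SNAT rule is in the chain and whether an earlier terminating NAT rule for the same interface sits in front of it (in the nat table the first matching terminating rule decides). The helper name `check_snat_rule` and the sample ruleset, including its MASQUERADE rule, are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample of `iptables-save -t nat` output (not from the poster's machine).
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 443 -j SNAT --to-source 86.58.111.131-86.58.111.189
COMMIT'

# check_snat_rule CHAIN IFACE TO_SOURCE   (hypothetical helper; ruleset on stdin)
# Prints one verdict:
#   missing             no SNAT rule with TO_SOURCE for IFACE in CHAIN
#   preceded-by: <tgt>  rule exists, but earlier terminating NAT rules for IFACE
#                       come first; compare their match criteria with yours
#   effective           rule is the first terminating NAT rule for IFACE
check_snat_rule() {
    awk -v chain="$1" -v ifc="$2" -v want="$3" '
        $1 == "-A" && $2 == chain {
            has_o = 0; on_if = 0; target = ""; src = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") { has_o = 1; if ($(i+1) == ifc) on_if = 1 }
                if ($i == "-j") target = $(i+1)
                if ($i == "--to-source") src = $(i+1)
            }
            if (has_o && !on_if) next        # rule is bound to another interface
            if (target == "SNAT" && src == want) { found = 1; exit }
            # Targets that end nat-table traversal for a matching packet
            if (target ~ /^(SNAT|MASQUERADE|ACCEPT)$/) earlier = earlier " " target
        }
        END {
            if (!found)       print "missing"
            else if (earlier) print "preceded-by:" earlier
            else              print "effective"
        }'
}

# Live use (as root): iptables-save -t nat | check_snat_rule POSTROUTING eth0 <range>
printf '%s\n' "$SAMPLE_NAT" |
    check_snat_rule POSTROUTING eth0 86.58.111.131-86.58.111.189
```

Note that `iptables-save` prints the `--to` option of the SNAT target as `--to-source`, which is why the helper matches on that spelling.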

  3. #3

    Without being able to answer immediately,
    Just commenting that up until a couple years ago, this was not an easy thing to set up and required consulting the generally official "How To"

    http://lartc.org/

    But,
    I remember sometime probably between a year to 3 years ago in these forums there is a Forum thread which IIRC was only between that poster and myself that described a really simple way to do this... I can't seem to find it at the moment. It might have had to do with defining a system network policy (has nothing to do with permissions or Network Manager), it was a part of the standard TCP/IP stack. Am pretty sure that one thread is the only time this method was ever described... He couldn't get it to work at first (is why he posted), I set up on my own machine and got it to work with almost no changes to what he originally posted. I don't remember for sure if the solution was a network policy or an iptables configuration.

    If that thread can be found or the right combination of keywords used in an Internet search, I'm sure this can be found.

    Note that really simple methods like defining multiple routing tables, perhaps with different routing priorities, do not work because TCP/IP is a 2-way protocol and responses for that session must always be returned through the same network interface, else you'll have lost packets and other related errors.

    TSU-
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  4. #4

    Quote (originally posted by powerbart):
        I am running SuSEfirewall2 and I want to run a command like this:
        iptables -t nat -A POSTROUTING -o eth0 -p tcp --dport 443 -j SNAT --to 86.58.111.131-86.58.111.189

        This command doesn't have any effect...

        And this is wrong:
        iptables -t nat -A forward_ext -o eth0 -p tcp --dport 443 -j SNAT --to 86.58.111.131-86.58.111.189

        Can someone help? Or come up with a suggestion.... :-)

    Skimming some documentation,
    I came across the following... Although the documentation is for firewalld, it describes a filtering rule that by default invalidates what you are trying to do. You should check for a similar iptables rule; if it exists and is set the same way, you may have to modify it to enable your modifications. Inspect your rules for anything that might say "log denied".

    http://www.firewalld.org/documentati...alld.conf.html

    TSU
