On 9/24/20 7:24 AM, Damien BROCHARD wrote:
> Hi all,
> 
> It's my first mail on this ML so if there's a bar to present myself
> feel free to tell me ;)
> (and I'm French so please be indulgent with my English)
> 
> So, I have a server with multiple public IPs and I want to present them
> randomly when I access external services.
> 
> I have already used SNAT on other servers so nothing totally new for me.
> From what I read in the manpages (shorewall-snat) I can use an
> address or an address-range for the SNAT action in
> /etc/shorewall/snat. But in my case the multiple IPs are not
> contiguous.
> The manpage also says:
> "Finally, you may also specify a comma-separated list of ranges and/or
> addresses in this column."
> But if I use:
> SNAT(x.x.x.A,x.x.x.C,x.x.x.F)
> a shorewall check tells me:
> ---
> Checking /etc/shorewall/snat...
>    ERROR: Only one SNAT address may be specified /etc/shorewall/snat (line 2)
> ---
> Am I misreading the manpage?
> 

No -- but the manpage is wrong :-(.

But you can do the following:

SNAT(x.x.x.A)   ... { PROBABILITY=0.33 }
SNAT(x.x.x.B)   ... { PROBABILITY=0.50 }
SNAT(x.x.x.F)   ...

1/3 of the connections will be assigned to x.x.x.A. Of those that are
not assigned to that address, 1/2 will be assigned to x.x.x.B, and the
rest will be assigned to x.x.x.F. That results in flows being assigned
equally to the three addresses.

-Tom
-- 
Tom Eastep        \ Q: What do you get when you cross a mobster
Shoreline,         \    with an international standard?
Washington, USA     \ A: Someone who makes you an offer you
http://shorewall.org \    can't understand
                      \________________________________________
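
The cascade described in the reply above, generalized to any number of addresses and to unequal weights, as an added example that is not part of the original thread or of Shorewall itself. The function names, the `<SOURCE>`/`<DEST>` placeholders (standing in for the columns elided as "..." in the reply) and the sample addresses are assumptions made for illustration.

```python
from fractions import Fraction

def cascade(weights):
    """Probability for each rule so rule i ends with weights[i]/sum(weights).

    A rule only sees connections no earlier rule matched, so its probability
    is its target share divided by the share still unassigned. The last rule
    gets None: it carries no PROBABILITY and takes whatever is left.
    """
    total, remaining, probs = sum(weights), Fraction(1), []
    for w in weights[:-1]:
        share = Fraction(w, total)
        probs.append(share / remaining)
        remaining -= share
    return probs + [None]

def effective_shares(probs):
    """Replay the cascade top to bottom; return each rule's overall share."""
    remaining, shares = Fraction(1), []
    for p in probs:
        got = remaining * (Fraction(1) if p is None else p)
        shares.append(got)
        remaining -= got
    return shares

def snat_rules(addresses, weights=None, source="<SOURCE>", dest="<DEST>"):
    """Render snat lines in the layout used in the reply above.

    source/dest are placeholders for the columns elided there as "...".
    Probabilities are rounded to 4 decimals for readability.
    """
    weights = weights or [1] * len(addresses)
    lines = []
    for addr, p in zip(addresses, cascade(weights)):
        rule = f"SNAT({addr})\t{source}\t{dest}"
        if p is not None:
            rule += f"\t{{ PROBABILITY={float(p):.4f} }}"
        lines.append(rule)
    return lines

if __name__ == "__main__":
    # Constructed, non-contiguous documentation addresses (RFC 5737).
    ips = ["203.0.113.7", "203.0.113.19", "203.0.113.42", "203.0.113.200"]
    print("\n".join(snat_rules(ips)))
    print([str(s) for s in effective_shares(cascade([1] * len(ips)))])
```

For N equally weighted addresses the per-rule values come out as 1/N, 1/(N-1), ..., 1/2, which is why rule order matters: reordering the lines without recomputing the probabilities skews the distribution.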
