Config Help: Load Balance Iptables output to 4 different ports

eKo Member
edited May 2016 in Help

Hello,

I'm looking for some help on how to configure iptables correctly to load balance an experiment of mine.

Basically the scenario is the following:
On an Ubuntu VPS, I install tor and configure it to spawn 4 instances, doing transparent proxying on 4 different ports; then I install nginx, and I want all the outbound traffic of nginx to pass through the 4 tor transparent proxy ports, load balanced by round-robin or in turn...

Now, I did search a lot, and found these rules to be "kinda" working, but not fully 100%.

I will be grateful if someone with iptables experience would give advice/help in order to fix these rules and make them work, please.

The rules:

iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner nginx -m tcp -m statistic --mode nth --every 0 --packet 0 -j REDIRECT --to-ports 9010
iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner nginx -m tcp -m statistic --mode nth --every 1 --packet 0 -j REDIRECT --to-ports 9011
iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner nginx -m tcp -m statistic --mode nth --every 2 --packet 0 -j REDIRECT --to-ports 9012
iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner nginx -m tcp -m statistic --mode nth --every 3 --packet 0 -j REDIRECT --to-ports 9013

Thanks a lot to who will help!

sorry for my english :P


Comments

  • I have no clue if this will work, as I've never used the statistic module, but you can try this (In this order):

    iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner nginx -m tcp -m statistic --mode nth --every 4 --packet 0 -j REDIRECT --to-ports 9013
    iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner nginx -m tcp -m statistic --mode nth --every 3 --packet 0 -j REDIRECT --to-ports 9012
    iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner nginx -m tcp -m statistic --mode nth --every 2 --packet 0 -j REDIRECT --to-ports 9011
    iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner nginx -m tcp -m statistic --mode nth --every 1 --packet 0 -j REDIRECT --to-ports 9010
    
  • eKo Member
    edited May 2016

    excuse me,

    but the rules above are the same ones I posted; you only changed the --every values from 0,1,2,3 to 4,3,2,1.

    Will that somehow affect the whole setup?

    As I'm not an iptables specialist, the lines above may be malformed, so I'm asking here for help/corrections and suggestions in order to achieve the result in another form if needed.

    Thanks for the effort :)

  • The order can make a big difference in iptables. If your packet matches a rule, it will no longer go through the remaining rules. If it doesn't match a rule, it will follow the default policy. If you have --every 3 as your final rule, then every 1st and 2nd packet that reaches your final rule will not be redirected. I assumed this is why you said it's "kinda" working. You could also try using the random mode instead and split the probability between each port
    -m statistic --mode random --probability .25 -j REDIRECT --to-ports 9010

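  As an added example (not code from grillmaster or anyone else in this thread), the following shell script generates the descending-counter "nth" rules from the answer above for the thread's four ports, generates the equivalent cascaded "random" rules, and simulates the nth cascade so you can check the split before touching a live firewall. The nginx uid-owner and the 9010-9013 ports come from the thread; awk is used for the arithmetic and the simulation. The point it demonstrates: because a REDIRECTed packet leaves the chain, each rule only sees the traffic the earlier rules did not take, so the counters (or probabilities) must be N, N-1, ..., 1 (or 1/N, 1/(N-1), ..., 1); a constant 1/N on every rule would let part of nginx's traffic fall through unproxied.

```shell
#!/bin/sh
# Added example, not the thread's own rules: build cascaded REDIRECT rules for
# N transparent-proxy ports and simulate the nth cascade to check the split.
# Assumptions: the nginx uid and the 9010-9013 ports as in the thread; first
# rule listed first, as in grillmaster's answer.

PORTS="9013 9012 9011 9010"

count_ports() {
    n=0
    for p in $PORTS; do n=$((n + 1)); done
    echo "$n"
}

# nth mode: rule i only sees packets not taken by rules 1..i-1, so the counters
# must be N, N-1, ..., 1 for an even N-way split.
nth_rules() {
    n=$(count_ports)
    for p in $PORTS; do
        echo "iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner nginx" \
             "-m statistic --mode nth --every $n --packet 0 -j REDIRECT --to-ports $p"
        n=$((n - 1))
    done
}

# random mode equivalent: rule i takes 1/(rules remaining) of what reaches it,
# i.e. 1/N, 1/(N-1), ..., 1. The last rule is probability 1 so nothing leaks
# past the cascade un-proxied.
random_rules() {
    n=$(count_ports)
    for p in $PORTS; do
        prob=$(awk -v n="$n" 'BEGIN { printf "%.4f", 1 / n }')
        echo "iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner nginx" \
             "-m statistic --mode random --probability $prob -j REDIRECT --to-ports $p"
        n=$((n - 1))
    done
}

# Simulate the nth cascade for $1 packets. Each rule keeps its own counter of
# packets that reached it and matches when counter mod every == 0 (--packet 0);
# a match ends the chain walk, like REDIRECT does. Prints "port:hits" per rule.
simulate_nth() {
    total=$1
    echo "$PORTS" | tr ' ' '\n' | awk -v total="$total" '
        { port[NR] = $1 }
        END {
            n = NR
            for (i = 1; i <= n; i++) { every[i] = n - i + 1; seen[i] = 0; hits[i] = 0 }
            for (k = 0; k < total; k++) {
                for (i = 1; i <= n; i++) {
                    take = (seen[i] % every[i] == 0)
                    seen[i]++
                    if (take) { hits[i]++; break }
                }
            }
            out = ""
            for (i = 1; i <= n; i++) out = out (i > 1 ? " " : "") port[i] ":" hits[i]
            print out
        }'
}

# Usage: sh this_script.sh  -> prints the nth rules, then the 12-packet split
nth_rules
simulate_nth 12
```

  Running it prints the four nth rules followed by `9013:3 9012:3 9011:3 9010:3`; with a packet count that is not a multiple of four (say 10) the per-port counts differ by at most one. Before applying generated rules on the VPS, check `iptables -t nat -L OUTPUT -v -n` afterwards so you can see the per-rule packet counters and confirm that nothing is falling through the end of the cascade.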
  • eKo Member

    thanks grillmaster, your help has been very useful !

    I would like to ask, which is more effective, the random or the nth mode? Thanks!

  • teamacc Member

    Random could put more strain on your system due to random generators. Also, the float comparison might kill some performance.
