Config Help: Load Balance Iptables output to 4 different ports
Hello,
I'm looking for some help on configuring iptables correctly to load balance an experiment of mine.
Basically the scenario is the following:
On an Ubuntu VPS, I install Tor and configure it to spawn 4 instances, doing transparent proxying on 4 different ports; then I install nginx, and I want all of nginx's outbound traffic to pass through the 4 Tor transparent proxy ports, load balanced round-robin or in turn...
Now, I searched a lot and found this rule to be "kinda" working, but not fully 100%.
I would be grateful if someone with iptables experience could give advice/help in order to fix these rules and make them work, please.
The rules:
iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner nginx -m tcp -m statistic --mode nth --every 0 --packet 0 -j REDIRECT --to-ports 9010
iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner nginx -m tcp -m statistic --mode nth --every 1 --packet 0 -j REDIRECT --to-ports 9011
iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner nginx -m tcp -m statistic --mode nth --every 2 --packet 0 -j REDIRECT --to-ports 9012
iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner nginx -m tcp -m statistic --mode nth --every 3 --packet 0 -j REDIRECT --to-ports 9013
Thanks a lot to who will help!
Sorry for my English :P
Comments
I have no clue if this will work, as I've never used the statistic module, but you can try this (in this order):
Excuse me,
but the rules above are the same ones I posted; you changed the
--every from 0,1,2,3 to 4,3,2,1.
Will that somehow affect the whole setup?
As I'm not an iptables specialist, the above lines may be malformed, so I'm asking here for help/corrections and suggestions in order to achieve the result in another form if needed.
Thanks for the effort.
The order can make a big difference in iptables. If your packet matches a rule, it will no longer go through the remaining rules. If it doesn't match a rule, it will follow the default policy. If you have --every 3 as your final rule, then every 1st and 2nd packet that reaches your final rule will not be redirected. I assumed this is why you said it's "kinda" working. You could also try using the random mode instead and split the probability between each port:
-m statistic --mode random --probability .25 -j REDIRECT --to-ports 9010
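As an added illustration (not part of the thread, and not the poster's or grillmaster's code): a bash script that prints the cascading nth rules for the four Tor ports from the post (9010-9013) and simulates the per-rule counters of `-m statistic --mode nth`, so the packet split can be checked without touching a live firewall. The rule text, the 4/3/2/1 cascade and the ports are taken from the thread; the `simulate_nth` function and the second, deliberately misordered rule set (with `--every 3` as the last rule, constructed to show why packets fall off the end of the chain) are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Models the match semantics of
# "-m statistic --mode nth --every N --packet P": each rule keeps a private
# counter over the packets that reach it and matches when counter == P,
# with the counter cycling 0..N-1. First match wins, as in a real chain.

# Emit the iptables commands for the 4/3/2/1 cascade (prints only, does not
# run them). Each rule sees only the packets earlier rules did not redirect,
# so the fraction it takes must grow: 1/4 of all, 1/3 of the rest, 1/2 of
# the rest, then everything that is left.
print_cascade_rules() {
    local every=4 port
    for port in 9010 9011 9012 9013; do
        printf 'iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner nginx -m statistic --mode nth --every %d --packet 0 -j REDIRECT --to-ports %d\n' "$every" "$port"
        every=$((every - 1))
    done
}

# simulate_nth NPACKETS EVERY:PORT [EVERY:PORT ...]
# Walks NPACKETS packets through the rules in order and prints "PORT=hits"
# per rule plus "none=hits" for packets that matched no rule (not redirected).
simulate_nth() {
    local npackets=$1; shift
    local -a every=() port=() counter=() hits=()
    local spec i p matched none=0
    for spec in "$@"; do
        every+=("${spec%%:*}"); port+=("${spec##*:}"); counter+=(0); hits+=(0)
    done
    for ((p = 0; p < npackets; p++)); do
        matched=0
        for ((i = 0; i < ${#every[@]}; i++)); do
            # --packet 0: this rule matches when its counter is at 0
            if (( counter[i] == 0 )); then matched=1; fi
            counter[i]=$(( (counter[i] + 1) % every[i] ))
            if (( matched )); then hits[i]=$((hits[i] + 1)); break; fi
        done
        (( matched )) || none=$((none + 1))
    done
    for ((i = 0; i < ${#every[@]}; i++)); do
        printf '%s=%d ' "${port[i]}" "${hits[i]}"
    done
    printf 'none=%d\n' "$none"
}

print_cascade_rules
# Correct cascade: an even 25/25/25/25 split, nothing unredirected.
simulate_nth 100 4:9010 3:9011 2:9012 1:9013
# Constructed misordering with "--every 3" as the final rule: 2 of every 3
# packets that reach it are left unredirected, as described in the reply.
simulate_nth 12 4:9010 3:9011 2:9012 3:9013
```

Run it with `bash`; the first simulation prints `9010=25 9011=25 9012=25 9013=25 none=0` and the second `9010=3 9011=3 9012=3 9013=1 none=2`. Two practical notes: the same cascading logic applies to `--mode random`, where the probabilities have to be 0.25, 0.333, 0.5 and 1.0 in that order rather than 0.25 on every rule, otherwise the later ports get less traffic and some connections miss all four rules; and because REDIRECT in the nat OUTPUT chain is only evaluated for the first packet of a connection (conntrack applies the same mapping to the rest), the split is effectively per connection, not per packet.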
Thanks grillmaster, your help has been very useful!
I would like to ask, which is more effective, the random or the nth mode? Thanks!
Random could put more strain on your system due to random generators. Also, the float comparison might kill some performance.