| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 Apr 2007 07:52:06 +0200 From: Patrick McHardy <kaber@...sh.net> To: Denys <denys@...p.net.lb> CC: wijata@...-labs.com, Andrew Morton <akpm@...ux-foundation.org>, netdev@...r.kernel.org, "bugme-daemon@...nel-bugs.osdl.org" <bugme-daemon@...zilla.kernel.org> Subject: Re: [Bugme-new] [Bug 8325] New: -j REDIRECT --to-ports 1000-1009, always first choosen Denys wrote: > On Mon, 16 Apr 2007 07:30:33 +0200, Patrick McHardy wrote > >>That makes sense with using multiple IPs (and we support doing that), >>but whats the point of load-balancing to differenet *ports*? > > > Easy - for example i have my own TCP acceleration solution, which is using > REDIRECT, then getsockopt/SO_ORIGINAL_DST to get original IP, then forwarding > to compressed tunnel, stripping unneeded bytes (oh, my expensive satellite > bandwidth). This way for example i can do some kind load-balancing for > satellite bandwidth. That sounds rather hackish, you might as well do it in your application. I just noticed we don't accept the random option for DNAT/REDIRECT yet, but that is easily fixed (I'll queue a patch for 2.6.22). Then this will work and select ports from the range randomly: iptables -t nat -A INPUT .. -j REDIRECT --to-ports 1000:1010 --random - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists