Stateful Load Balancer with iptables and NAT

Allow IP forwarding

(Note: if you’re testing this on the same box you’re doing this on, it won’t work; you need at least 3 machines to test this out, and virtual ones work nicely.)

First we enable IPv4 forwarding, or this will not work:

# echo "1" > /proc/sys/net/ipv4/ip_forward

XOR

# sysctl net.ipv4.ip_forward=1

Next we add a filter that changes the packet’s destination IP and allows us to masquerade:

# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.3:80
# iptables -t nat -A POSTROUTING -j MASQUERADE

The above filter gets added to the iptables PREROUTING chain. Packets go through the filters in the PREROUTING chain before iptables decides where they go. The filter says that all packets arriving on eth0 that use the TCP protocol and have destination port 80 will have their destination address changed to 10.0.0.3 port 80. The DNAT target in this case is responsible for changing the packet’s destination IP address. Variations of this might include mapping to a different port on the same machine or perhaps to another interface altogether; that is how one could implement a simple stateful VLAN (in theory).
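As an added example (not code from the original post), the shell function below goes beyond the single DNAT rule above: it spreads new connections across several backends and scopes MASQUERADE to the balanced traffic instead of every packet leaving the box. The function name lb_ruleset, the use of the statistic match, and the backends 10.0.0.4 and 10.0.0.5 are assumptions of this example.

```shell
#!/bin/sh
# Added example. Prints an iptables-restore nat table that balances new TCP
# connections arriving on IFACE:PORT across the given backends.
# Usage: lb_ruleset IFACE PORT BACKEND_IP...
lb_ruleset() {
    iface=$1 port=$2
    [ "$#" -ge 3 ] || { echo "usage: lb_ruleset IFACE PORT BACKEND_IP..." >&2; return 1; }
    shift 2
    # Validate every value before it is written into a rule line, so a
    # malformed argument cannot smuggle extra iptables options in.
    case $iface in ''|-*|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    case $port in ''|0*|*[!0-9]*|??????*) echo "bad port" >&2; return 1 ;; esac
    [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    for ip in "$@"; do
        # Shape check only; iptables-restore still rejects octets above 255.
        printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
            { echo "bad backend: $ip" >&2; return 1; }
    done

    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    # The nat table sees only the first packet of a connection; conntrack
    # repeats that choice for the rest, which is what makes this stateful.
    # Rule k of n matches every (n-k+1)th connection that reaches it, so each
    # backend gets an equal share; the last rule takes whatever is left.
    left=$#
    for ip in "$@"; do
        match=
        if [ "$left" -gt 1 ]; then
            match=" -m statistic --mode nth --every $left --packet 0"
        fi
        echo "-A PREROUTING -i $iface -p tcp --dport $port$match -j DNAT --to-destination $ip:$port"
        left=$((left - 1))
    done
    # Masquerade only the balanced flows, not every packet the box forwards.
    for ip in "$@"; do
        echo "-A POSTROUTING -d $ip/32 -p tcp --dport $port -j MASQUERADE"
    done
    echo 'COMMIT'
}

# Constructed sample: the page's backend 10.0.0.3 plus two assumed ones.
lb_ruleset eth0 80 10.0.0.3 10.0.0.4 10.0.0.5
```

Check the output with `iptables-restore --test` before loading it; without `--noflush`, loading it replaces the existing nat table.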


DNS UDP Load Balancer using Nginx

The plan is to build a UDP DNS load balancer acting as a recursive DNS server (actually a forwarding service). The design logic is simple:

On the client side, a public recursive+forwarding DNS IP –> hits the Nginx load balancers –> sends traffic to Google Public DNS/IBM Public DNS/own recursive DNS/OpenDNS.

The configuration on the Nginx load balancer is quite simple; the core configuration content is pretty straightforward:

# Load balance UDP-based DNS traffic across two servers
stream {
    upstream dns_upstreams {
        server 192.168.136.130:53;
        server 192.168.136.131:53;
    }

    server {
        listen 53 udp;
        proxy_pass dns_upstreams;
        proxy_timeout 1s;
        proxy_responses 1;
        error_log logs/dns.log;
    }
}


Load Balancing using Ldirectord on Linux (Apache) web server

For this setup, we need four nodes (two Apache nodes and two load balancer nodes) and five IP addresses: one for each node and one virtual IP address that will be shared by the load balancer nodes and used for incoming HTTP requests.

I will use the following setup here:

Apache node 1: webserver1.tm.local (webserver1) – IP address: 192.168.0.103; Apache document root: /var/www
Apache node 2: webserver2.tm.local (webserver2) – IP address: 192.168.0.104; Apache document root: /var/www
Load Balancer node 1: loadb1.tm.local (loadb1) – IP address: 192.168.0.101
Load Balancer node 2: loadb2.tm.local (loadb2) – IP address: 192.168.0.102
Virtual IP Address: 192.168.0.105 (used for incoming requests)

In this tutorial I will use Ubuntu 8.04 LTS for all four nodes; just install basic Ubuntu 8.04 LTS on all four nodes. I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal, but this is the way I take. I do not issue any guarantee that this will work for you! I also recommend that you have a DNS server in place.
