I'm looking for functionality in Linux equivalent to the Mikrotik per-connection-classifier. My use case is dynamic CGNAT that preserves the public IP for each user (not a random public IP for each connection).

Thanks, Blažej

eKrajnak
  • 101

1 Answer

You can do that by combining iptables with ipset, but I believe you would want to use nftables for this. With jhash, vmap and update you can do just that. A general example of creating CGNAT with nftables can be seen at: https://github.com/diorgesl/php-cgnat

I would look at: https://wiki.nftables.org/wiki-nftables/index.php/Load_balancing

I am pretty sure that this: https://habr.com/ru/post/501234/

is what you were looking for.

I have also written an example of using jhash for 4/5-tuple based load balancing. You can simply change the jhash to calculate the hash from the source IP and then add it into a set or a flow table.

elico
  • 1
  • 1
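A minimal ruleset for the source-IP hashing approach described in the answer, added here as an illustration and not taken from the answer or the linked projects. The interface name `wan0`, the subscriber range 100.64.0.0/10, the four 203.0.113.x public addresses and the seed value are assumptions chosen for the example.

```nftables
#!/usr/sbin/nft -f
# Added example: per-subscriber sticky source NAT.
# Hashing only "ip saddr" (not the 4/5-tuple) means every connection from
# one subscriber address lands in the same bucket and so leaves through
# the same public IP.

table ip cgnat
delete table ip cgnat

table ip cgnat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        # wan0 and 100.64.0.0/10 are assumed names/ranges for this example.
        # "mod 4" must equal the number of entries in the map, otherwise
        # some buckets have no public address to translate to.
        # The explicit seed (constructed value) keeps the hash, and so the
        # subscriber-to-public-IP mapping, the same after the ruleset is
        # reloaded or the host reboots.
        oifname "wan0" ip saddr 100.64.0.0/10 \
            snat to jhash ip saddr mod 4 seed 0x5eed1234 map {
                0 : 203.0.113.10,
                1 : 203.0.113.11,
                2 : 203.0.113.12,
                3 : 203.0.113.13
            }
    }
}
```

Load it with `nft -f` and inspect the resulting translations with `conntrack -L`; because the public IP is a pure function of the subscriber address and the seed, changing the pool size or the seed remaps existing subscribers.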