I want to forward TCP connections on a certain port of the machine A to another port on the machine B (which is actually the same that originated the connection to machine A) and simulate random or deterministic packet drops.
How can I do it with iptables?
man what? right, man iptables:
statistic
This module matches packets based on some statistic condition. It supports two distinct modes settable with the --mode option.
or
random
This module randomly matches a certain percentage of all packets. --average percent Matches the given percentage. If omitted, a probability of 50% is set.
If using FreeBSD is an option ipfw in FreeBSD has got some excellent features to mimic various types of connections. It can add latency, packet loss etc. Very useful for testing WAN performance of an application.
There are commercial products to do this as well. I can recommend Linktropy, we use it extensively to test our in-house applications. The mini2 model only costs a few hundred USD and is enough for most usecases. http://www.apposite-tech.com/products/mini2.html
