vip-by-iptables-demo

gistfile1.txt

#!/bin/bash

iptables -t nat -N VIP-SERVICES
iptables -t nat -N VIP-DISTRIBUTION-NGINX
iptables -t nat -N VIP-DISTRIBUTION-NGINX-1
iptables -t nat -N VIP-DISTRIBUTION-NGINX-2
iptables -t nat -N VIP-POSTROUTING

iptables -t nat -I PREROUTING -j VIP-SERVICES
iptables -t nat -I OUTPUT -j VIP-SERVICES

iptables -t nat -A VIP-SERVICES -p tcp -m tcp --dport 443 -j VIP-DISTRIBUTION-NGINX

iptables -t nat -A VIP-DISTRIBUTION-NGINX -m statistic --mode random --probability 0.50000000000 -j VIP-DISTRIBUTION-NGINX-1
iptables -t nat -A VIP-DISTRIBUTION-NGINX -j VIP-DISTRIBUTION-NGINX-2

iptables -t nat -A VIP-DISTRIBUTION-NGINX-1 -p tcp -m tcp -j DNAT --to-destination "100.125.120.34:443"
iptables -t nat -A VIP-DISTRIBUTION-NGINX-2 -p tcp -m tcp -j DNAT --to-destination "100.125.120.35:443"


iptables -t nat -A POSTROUTING -o eth0 -j VIP-POSTROUTING
iptables -t nat -A VIP-POSTROUTING -d "100.125.120.0/24" -p tcp -m tcp -j MASQUERADE

output_iface=eth0
echo 1 > /proc/sys/net/ipv4/conf/$output_iface/route_localnet

访问本机 443 端口全部转发到 100.125.120.34 、100.125.120.35