We are in the process of changing firewalls. The old firewall has
load balancing configured for our SMTP servers using ipvsadm
(single external address alternating between several internal
The new firewall will be using iptables for port forwarding and I
am having a bit of a problem figuring out how to load balance our
I would like to keep using ipvsadm but I can't think of a way to
stop it from getting mixed up with iptables.
The firewall will be doing SNAT for the network (including the
SMTP servers), as well as having multiple public IP addresses for
How do I configure iptables not to SNAT the load-balanced
traffic, while at the same time allowing the SMTP servers to go
out to the internet (apart from setting up another gateway)?
I have also tried out the "pen" package which would have been
ideal, except it masks the client IP address.
Are there better ways?
Thank you in advance,