
I'm trying to set up a load balancer via iptables that will forward new connections to the closest (geographical) node. I've seen examples of blocking traffic by country and was able to set up a traditional load balancer that distributes connecting users between a few nodes like this:

iptables -t nat -A PREROUTING -p tcp -i eth0 --dport PORTNUM -m state --state NEW -m statistic --mode nth --every 4 --packet 1 -j DNAT --to-destination x.x.x.x:PORTNUM

What I would want to do is geocode the user's location and choose the closest server to them to reduce latency. What's going to be the right way to do that?

I know I can always write a little proxy that'll connect to the right server and act as a real proxy, but I'd really like to make that happen at the iptables level.

If that makes any sense, I'm targeting Ubuntu 16.04.

I did see http://ipset.netfilter.org/iptables-extensions.man.html but didn't find an answer to this question... any help or ideas would be appreciated!

Alex D
  • The right way? Use a CDN. – jordanm Jul 24 '18 at 15:53
  • Why would you not want to use a proxy which is built for handling such specific purposes? iptables is definitely handy for geolocating a user, but it just complicates the part with no additional advantage which I can think of when the task narrows down to splitting the traffic, so it's better to configure a proxy and let it handle the load balancing part and iptables for geolocating the user's request appropriately. – Corleone Jul 24 '18 at 15:55
  • CDN is not an option since most CDN providers I have checked only work with ports 80, 8080 and 443... so this solution won't work for custom RPC on a custom port – Alex D Jul 25 '18 at 10:40
  • As for the proxy, the idea was to implement the load balancer with iptables to have a built-in ban-by-IP system and lower CPU usage, i.e. blocked IPs would still connect to the host until the proxy disconnects them – Alex D Jul 25 '18 at 10:41
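One way to get region-aware DNAT purely in netfilter, as an added example that is not part of the original question or its comments: one ipset hash:net set per region filled from a GeoIP CIDR list, a `-m set --match-set` DNAT rule per region, and a `banned` set dropped in the raw table so blocked clients never reach conntrack or a node. The CIDRs, node addresses, region names and port below are constructed placeholders, and the GeoIP feed that would populate the sets is assumed to come from elsewhere.

```shell
#!/bin/sh
# Added example: geo-aware DNAT with ipset + iptables (placeholders throughout).
IPT="${IPT:-iptables}"
IPSET="${IPSET:-ipset}"
PORTNUM="${PORTNUM:-9000}"     # constructed placeholder port
REGIONS="eu us ap"             # constructed region names

# Region -> backend node address (constructed placeholder addresses).
backend_for() {
  case "$1" in
    eu) echo "10.0.1.10" ;;
    us) echo "10.0.2.10" ;;
    ap) echo "10.0.3.10" ;;
    *)  return 1 ;;
  esac
}

# One hash:net set per region plus a hash:ip blocklist; -exist makes this idempotent.
create_sets() {
  for r in $REGIONS; do "$IPSET" create "geo_$r" hash:net -exist; done
  "$IPSET" create banned hash:ip -exist
}

# add_range <region> <cidr>: feed a GeoIP-derived prefix into a region set.
add_range() { "$IPSET" add "geo_$1" "$2" -exist; }

install_rules() {
  # Banned sources are dropped in raw/PREROUTING, before conntrack and DNAT,
  # so a banned IP never completes a handshake with any node.
  "$IPT" -t raw -A PREROUTING -i eth0 -m set --match-set banned src -j DROP
  # New TCP connections from a region's prefixes go to that region's node.
  for r in $REGIONS; do
    "$IPT" -t nat -A PREROUTING -i eth0 -p tcp --dport "$PORTNUM" \
      -m conntrack --ctstate NEW -m set --match-set "geo_$r" src \
      -j DNAT --to-destination "$(backend_for "$r"):$PORTNUM"
  done
  # Clients matching no region fall through to a default node.
  "$IPT" -t nat -A PREROUTING -i eth0 -p tcp --dport "$PORTNUM" \
    -m conntrack --ctstate NEW -j DNAT --to-destination "$(backend_for us):$PORTNUM"
  # Return traffic must route back through this host (nodes use it as gateway,
  # or add SNAT/MASQUERADE in nat/POSTROUTING); otherwise DNAT alone breaks.
}

# Run with "apply" to actually create sets and install rules (needs root).
if [ "${1:-}" = "apply" ]; then
  create_sets
  add_range eu 192.0.2.0/24     # constructed sample prefixes, not real GeoIP data
  add_range us 198.51.100.0/24
  add_range ap 203.0.113.0/24
  install_rules
fi
```

Set `IPT=echo IPSET=echo` to print the generated commands instead of applying them.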
