Routing Application Traffic Through Specific Interface – How to Guide

Tags: iptables, linux, nat, networking, routing

First question here, so please go easy:

I have a Debian Linux 5.0 server with two public interfaces. I would like to route outbound traffic from one instance of an application via one interface and the second instance through the second interface. There are some challenges:

  • both instances of the application use the same protocol
  • both instances of the application can access the entire internet (can't route based on dest network)
  • I can't change the code of the application
  • I don't think a typical approach to load balancing all traffic is going to work well, because there are relatively few destination servers being accessed in the outbound traffic, and all traffic would really need to be distributed pretty evenly across these relatively few servers.

I could probably run two virtualized servers on the box and bind each of them to a different interface, but I'm looking for a simpler solution, maybe using iproute or iptables?

Any ideas for me? Thanks in advance – and I'm happy to answer any questions.

Best Answer

Have you looked at the owner module within iptables, possibly combined with a source NAT rule?

This lets you set up OUTPUT chain rules based on UID, GID, PID, SID and command name.
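A worked version of this approach, added here as an example and not part of the original answer: run each application instance as its own Unix user, mark its packets in the mangle OUTPUT chain with the owner match, send marked packets to a per-instance routing table with ip rule, and SNAT them to the address of the chosen interface (the kernel picks the source address from the main table before the mark is applied, so without SNAT the packets would leave eth1 carrying eth0's address). Interface names, addresses, gateways, UIDs, mark values and table numbers are hypothetical placeholders; set DRY_RUN=1 to print the plan instead of applying it.

```shell
#!/bin/sh
# Per-instance policy routing with the iptables owner match (added example).
# All values below are assumed placeholders: adjust to the real interfaces,
# addresses, gateways and the UIDs the two application instances run under.
IF1=eth0; IP1=203.0.113.10; GW1=203.0.113.1
IF2=eth1; IP2=198.51.100.10; GW2=198.51.100.1
UID_A=1001; UID_B=1002        # instance A runs as uid 1001, instance B as 1002
MARK_A=1;   MARK_B=2          # fwmark per instance
TABLE_A=101; TABLE_B=102      # routing table per instance

# run: execute a command, or print it when DRY_RUN=1 so the plan can be reviewed first.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# setup_instance UID MARK TABLE IFACE SRC_IP GATEWAY
# 1. mark locally generated packets owned by UID (owner match only works in OUTPUT)
# 2. route marked packets through a dedicated table whose default goes via IFACE
# 3. rewrite the source address to IFACE's address so replies come back the same way
setup_instance() {
  uid=$1; mark=$2; table=$3; iface=$4; src=$5; gw=$6
  run iptables -t mangle -A OUTPUT -m owner --uid-owner "$uid" -j MARK --set-mark "$mark"
  run ip rule add fwmark "$mark" lookup "$table"
  run ip route add default via "$gw" dev "$iface" table "$table"
  run iptables -t nat -A POSTROUTING -m mark --mark "$mark" -o "$iface" -j SNAT --to-source "$src"
}

# apply_rules: wire both instances to their interfaces.
apply_rules() {
  setup_instance "$UID_A" "$MARK_A" "$TABLE_A" "$IF1" "$IP1" "$GW1"
  setup_instance "$UID_B" "$MARK_B" "$TABLE_B" "$IF2" "$IP2" "$GW2"
}

# check_instance MARK: show which route a marked packet would take (needs the rules applied).
check_instance() {
  run ip route get 192.0.2.1 mark "$1"
}

# Only apply when explicitly asked, so sourcing this file for review is harmless.
if [ "${APPLY:-0}" = 1 ]; then
  apply_rules
fi
```

Start each instance under its own account (for example with `su -s /bin/sh appuser1 -c ./app`) so the owner match can tell them apart; the marked packets are re-routed after the mangle OUTPUT chain, which is why the mark alone moves them to the second interface and the SNAT rule only has to fix the source address. On a host with strict reverse-path filtering, check net.ipv4.conf.*.rp_filter if replies on the second interface are dropped.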
