Public domain
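#!/bin/bash
# Round-robin source NAT for locally generated HTTP connections.
#
# What the commands below do, in order:
#   1. add COUNT alias addresses PREFIX.START .. PREFIX.(START+COUNT-1) to ETH;
#   2. flush the nat and mangle tables;
#   3. mark each NEW outgoing tcp/80 connection with a value 1..COUNT, one
#      value per connection in rotation, and keep it as the connection mark;
#   4. SNAT each connection mark to its own alias address;
#   5. redirect incoming tcp/80 to local port 3128 ("Cache Redirect").
#
# Operational notes:
#   - ifconfig and iptables need root privileges.
#   - Step 2 deletes every rule in the nat and mangle tables, including rules
#     installed by other tooling on the host. The filter table is not touched,
#     so this script adds no packet filtering of its own.
#   - The REDIRECT rule has no interface (-i) or source (-s) restriction: any
#     tcp/80 packet that reaches PREROUTING is handed to the port-3128
#     listener. NOTE(review): confirm that listener's own access controls, or
#     narrow the rule to the client-facing interface or network.

# Configuration
ETH="eth0"
MASK="255.255.255.192"
PREFIX="217.218.229"
START="195"
COUNT="60"

# IP Setting: one alias interface ETH:0 .. ETH:(COUNT-1) per address.
for ((I = 0; I < COUNT; I++)); do
  IP="${PREFIX}.$((START + I))"
  ifconfig "${ETH}:${I}" "$IP" netmask "$MASK"
done

# Flush tables (all chains of nat and mangle; see the notes above).
iptables -t nat -F
iptables -t mangle -F

# Load Balancing
# Copy the stored connection mark back onto each packet first, so packets of
# an already-marked connection keep the mark chosen for that connection.
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
# One rule per mark. MARK does not end chain traversal, so every rule counts
# every NEW tcp/80 packet; distinct starting offsets make the rules fire in
# turn. The statistic match documents --packet as 0 <= p <= n-1, so the
# offsets run 0..COUNT-1 while the marks stay 1..COUNT (0 is "unmarked").
for ((I = 1; I <= COUNT; I++)); do
  iptables -t mangle -A OUTPUT -p tcp --dport 80 \
    -m state --state NEW \
    -m statistic --mode nth --every "$COUNT" --packet "$((I - 1))" \
    -j MARK --set-mark "$I"
done
# Store the packet mark as the connection mark for the restore rule above.
iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark

# Map connection mark N to the N-th alias address.
for ((I = 0; I < COUNT; I++)); do
  IP="${PREFIX}.$((START + I))"
  iptables -t nat -A POSTROUTING -m connmark --mark "$((I + 1))" \
    -p tcp --dport 80 -j SNAT --to-source "$IP"
done

# Cache Redirect: incoming tcp/80 goes to local port 3128 (unrestricted by
# interface or source; see the notes above).
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128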
# Worked example: the same command sequence written out in full for three
# alias addresses, 192.168.10.16 to 192.168.10.18, on eth0.
# The commands below use literal values and do not read these variables.
ETH="eth0"
MASK="255.255.255.0"
PREFIX="192.168.10"
START="16"
COUNT="3"
# Alias interfaces eth0:0 .. eth0:2, one per source address.
ifconfig eth0:0 192.168.10.16 netmask 255.255.255.0
ifconfig eth0:1 192.168.10.17 netmask 255.255.255.0
ifconfig eth0:2 192.168.10.18 netmask 255.255.255.0
# Deletes every rule in the nat and mangle tables, including rules installed
# by other tooling; the filter table is left as it is.
iptables -t nat -F
iptables -t mangle -F
# Copy the stored connection mark back onto each outgoing packet.
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
# One MARK rule per address for NEW tcp/80 connections.
# NOTE(review): the statistic match documents --packet as 0 <= p <= n-1, so
# "--every 3 --packet 3" is outside the documented range and an iptables build
# that enforces it would reject the third rule; offsets 0, 1, 2 stay in range.
iptables -t mangle -A OUTPUT -p tcp --dport 80 -m state --state NEW -m statistic --mode nth --every 3 --packet 1 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -p tcp --dport 80 -m state --state NEW -m statistic --mode nth --every 3 --packet 2 -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -p tcp --dport 80 -m state --state NEW -m statistic --mode nth --every 3 --packet 3 -j MARK --set-mark 3
# Store the packet mark as the connection mark.
iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark
# Connection mark N is source-NATed to the N-th alias address.
iptables -t nat -A POSTROUTING -m connmark --mark 1 -p tcp --dport 80 -j SNAT --to 192.168.10.16
iptables -t nat -A POSTROUTING -m connmark --mark 2 -p tcp --dport 80 -j SNAT --to 192.168.10.17
iptables -t nat -A POSTROUTING -m connmark --mark 3 -p tcp --dport 80 -j SNAT --to 192.168.10.18
# Incoming tcp/80 is redirected to local port 3128. The rule has no -i or -s
# restriction, so it applies to traffic arriving on any interface.
# NOTE(review): confirm the port-3128 listener's access controls.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 3128
eth0      Link encap:Ethernet  HWaddr 00:50:BF:96:A5:83
          inet addr:172.16.20.10  Bcast:172.16.20.255  Mask:255.255.255.0
          inet6 addr: fe80::250:bfff:fe96:a583/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:110 errors:0 dropped:0 overruns:0 frame:0
          TX packets:91 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:10876 (10.6 KiB)  TX bytes:10997 (10.7 KiB)
          Interrupt:10 Base address:0x8000
eth0:0    Link encap:Ethernet  HWaddr 00:50:BF:96:A5:83
          inet addr:192.168.10.16  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:10 Base address:0x8000
eth0:1    Link encap:Ethernet  HWaddr 00:50:BF:96:A5:83
          inet addr:192.168.10.17  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:10 Base address:0x8000
eth0:2    Link encap:Ethernet  HWaddr 00:50:BF:96:A5:83
          inet addr:192.168.10.18  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:10 Base address:0x8000
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
Chain PREROUTING (policy ACCEPT 120 packets, 8256 bytes)
    pkts      bytes target     prot opt in     out     source               destination
Chain INPUT (policy ACCEPT 120 packets, 8256 bytes)
    pkts      bytes target     prot opt in     out     source               destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 86 packets, 10792 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      86    10792 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore
       0        0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 state NEW statistic mode nth every 3 packet 1 MARK set 0x1
       0        0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 state NEW statistic mode nth every 3 packet 2 MARK set 0x2
       0        0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 state NEW statistic mode nth every 3 packet 3 MARK set 0x3
Chain POSTROUTING (policy ACCEPT 86 packets, 10792 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      86    10792 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
Chain POSTROUTING (policy ACCEPT 1 packets, 116 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 SNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK match 0x1 tcp dpt:80 to:192.168.10.16
       0        0 SNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK match 0x2 tcp dpt:80 to:192.168.10.17
       0        0 SNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK match 0x3 tcp dpt:80 to:192.168.10.18
Chain OUTPUT (policy ACCEPT 1 packets, 116 bytes)
    pkts      bytes target     prot opt in     out     source               destination
BY: Pejman Moghadam 
TAG: nat, load-balancing, iptables, bash, bash-script 
DATE: 2009-05-27 09:15:20