
Building a simple load balancer with iptables

Posted 2021-04-30

Overview

Build a simple load balancer using nothing but the Linux iptables command: the front server DNATs every connection to port 3000 to one of two backend ports, chosen at random with equal probability.

```
# Pattern 1: a remote client connects to port 3000 on the front server
client pc ---> front server(port 3000) ---> backend server(port 80)
                                  |-------> backend server(port 81)

# Pattern 2: the front server itself connects to its local port 3000
front server(port 3000) ---> backend server(port 80)
                   |-------> backend server(port 81)
```

Environment

Two AWS EC2 VMs (Debian):

・front server
public ip: 18.183.27.124
private ip: 172.31.11.10

・backend server
public ip: none
private ip: 172.31.8.4

The security groups have to allow TCP 3000 from the client to the front server and TCP 80/81 from the front server to the backend; the forwarded packets leave the front server with its own private address as source (see the SNAT rule below), so the instances' source/destination check does not need to be disabled.

Setup

front server settings

Enable IP forwarding. The DNATed packets are not addressed to the front server itself, so without forwarding the kernel would drop them instead of passing them through the FORWARD chain to the backend:

```
admin@ip-172-31-11-10:~$ cat <<EOF | sudo tee /etc/sysctl.d/ipforward.conf
> net.ipv4.ip_forward=1
> EOF
net.ipv4.ip_forward=1
admin@ip-172-31-11-10:~$ 
admin@ip-172-31-11-10:~$ sudo sysctl --system
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/ipforward.conf ...
net.ipv4.ip_forward = 1
* Applying /etc/sysctl.d/protect-links.conf ...
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.conf ...
admin@ip-172-31-11-10:~$ 
```

Add the iptables rules

Source NAT first, so that the backend's replies come back through the front server rather than being sent directly to the client. The backend therefore sees 172.31.11.10 as the client address, never the real client; a layer-4 DNAT cannot pass the original client IP along the way an HTTP proxy would with X-Forwarded-For. SNAT with a fixed --to-source is the cheaper choice when the address never changes; MASQUERADE picks the outgoing interface's current address on every connection.

```
admin@ip-172-31-11-10:~$ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# or, equivalently for a fixed address:
admin@ip-172-31-11-10:~$ sudo iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 172.31.11.10
```

Then the DNAT rules. In each pair, the first rule matches 50% of the traffic at random (-m statistic --mode random --probability 0.5) and sends it to port 80; the second rule has no statistic match and takes everything the first rule let through, sending it to port 81. Because connection tracking consults the nat table only for the first packet of a connection, the split is per connection, not per packet, so a single TCP session never switches backend midway.

```
# Pattern 1: connections arriving on eth0
admin@ip-172-31-11-10:~$ sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3000 -m statistic --mode random --probability 0.5 -j DNAT --to-destination 172.31.8.4:80
admin@ip-172-31-11-10:~$ sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3000 -j DNAT --to-destination 172.31.8.4:81
# Pattern 2: connections generated on the front server itself
admin@ip-172-31-11-10:~$ sudo iptables -t nat -A OUTPUT -p tcp --dport 3000 -m statistic --mode random --probability 0.5 -j DNAT --to-destination 172.31.8.4:80
admin@ip-172-31-11-10:~$ sudo iptables -t nat -A OUTPUT -p tcp --dport 3000 -j DNAT --to-destination 172.31.8.4:81
```

Three things to keep in mind. The rules live only in the running kernel and are gone after a reboot; save them with iptables-save (or the netfilter-persistent package on Debian). The DNATed packets still pass through the filter table's FORWARD chain, whose policy must accept them (Debian's default is ACCEPT). And anything that can reach port 3000 on the public address is handed straight to the backend before any filter rule on the front server sees it, so restrict the source with the security group or a -s match on the PREROUTING rule.
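The two-backend rules above are one instance of a general pattern: with N backends, rule i (counting from 0) must claim 1/(N-i) of whatever the earlier rules did not take, and the last rule is an unconditional catch-all. The script below, added here as an example and not code from the original article, prints the nat-table rules for either chain (pattern 1 or pattern 2) and any number of backends, plus a deterministic round-robin variant using the statistic match's nth mode. It only prints the commands; the third backend address and the 10.0.0.x addresses in the demo are constructed.

```shell
#!/bin/sh
# Added example, not code from the original article: generate the nat-table
# DNAT rules that spread one front port over N backends. The commands are
# printed, not executed; pipe them into `sudo sh` to apply them.

# gen_dnat_rules CHAIN IFACE PORT BACKEND...
#   CHAIN  PREROUTING (pattern 1, packets arriving on IFACE) or
#          OUTPUT     (pattern 2, packets generated locally; IFACE ignored)
#   IFACE  input interface name, or "-" for no -i match
# Rule i of N (0-based) takes 1/(N-i) of what earlier rules left, so every
# backend ends up with 1/N of new connections; the last rule has no
# statistic match, exactly like the article's second rule.
gen_dnat_rules() {
  chain=$1; iface=$2; port=$3; shift 3
  total=$#; i=0; in_opt=""
  if [ "$chain" = "PREROUTING" ] && [ "$iface" != "-" ]; then
    in_opt="-i $iface "
  fi
  for backend in "$@"; do
    remaining=$((total - i))
    if [ "$remaining" -gt 1 ]; then
      # probability = 1 / (backends not yet handled by an earlier rule)
      prob=$(awk -v r="$remaining" 'BEGIN { printf "%.6f", 1 / r }')
      printf 'iptables -t nat -A %s %s-p tcp --dport %s -m statistic --mode random --probability %s -j DNAT --to-destination %s\n' \
        "$chain" "$in_opt" "$port" "$prob" "$backend"
    else
      printf 'iptables -t nat -A %s %s-p tcp --dport %s -j DNAT --to-destination %s\n' \
        "$chain" "$in_opt" "$port" "$backend"
    fi
    i=$((i + 1))
  done
}

# Deterministic round-robin variant. --mode nth --every K --packet 0
# matches every K-th packet that reaches that rule; rule i again sees only
# what earlier rules left, so K = N - i, and the last rule is the catch-all.
gen_dnat_rules_rr() {
  chain=$1; iface=$2; port=$3; shift 3
  total=$#; i=0; in_opt=""
  if [ "$chain" = "PREROUTING" ] && [ "$iface" != "-" ]; then
    in_opt="-i $iface "
  fi
  for backend in "$@"; do
    remaining=$((total - i))
    if [ "$remaining" -gt 1 ]; then
      printf 'iptables -t nat -A %s %s-p tcp --dport %s -m statistic --mode nth --every %s --packet 0 -j DNAT --to-destination %s\n' \
        "$chain" "$in_opt" "$port" "$remaining" "$backend"
    else
      printf 'iptables -t nat -A %s %s-p tcp --dport %s -j DNAT --to-destination %s\n' \
        "$chain" "$in_opt" "$port" "$backend"
    fi
    i=$((i + 1))
  done
}

# Stand-alone demo: the article's two backends plus a constructed third one.
gen_dnat_rules PREROUTING eth0 3000 172.31.8.4:80 172.31.8.4:81 172.31.8.5:80
```

With exactly two backends the output is the article's own PREROUTING pair (probability 0.500000, then the catch-all); with three it becomes 0.333333, 0.500000, catch-all. The same per-connection behaviour applies to both variants, since only the first packet of a connection reaches the nat table; the round-robin version just trades the randomness for a strict alternation, which makes a small test like the curl loop in the verification section easier to read.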

backend server settings

The backend only needs something listening on ports 80 and 81; httpd, nginx, or anything else will do. Here nc serves a static file on each port (sudo because both ports are below 1024). Note that nc handles a single connection and then exits, so it has to be restarted before each test, and because it sends no HTTP headers and does not close the connection, curl prints the body and then waits until it is interrupted with Ctrl-C.

```
# terminal #1
admin@ip-172-31-8-4:~$ sudo nc -lnv -p 80 < index.html
listening on [any] 80 ...

# terminal #2
admin@ip-172-31-8-4:~$ sudo nc -lnv -p 81 < index2.html
listening on [any] 81 ...
```

Verification

Pattern 1, from the client PC against the front server's public address:

```
~ 🍀  > curl 18.183.27.124:3000
<html>
<h1>say hello!</h1>
</html>
^C
~ 🍀  > curl 18.183.27.124:3000
<html>
<h1>say hello 2!</h1>
</html>
^C
~ 🍀  > 
```

Pattern 2, from the front server itself:

```
admin@ip-172-31-11-10:~$ curl 172.31.11.10:3000
<html>
<h1>say hello!</h1>
</html>
^C
admin@ip-172-31-11-10:~$ curl 172.31.11.10:3000
<html>
<h1>say hello 2!</h1>
</html>
^C
# The OUTPUT rule matches on the destination port alone, so any destination IP address works (except localhost / 127.0.0.1).
admin@ip-172-31-11-10:~$ curl 1.2.3.4:3000
<html>
<h1>say hello 2!</h1>
</html>
^C
admin@ip-172-31-11-10:~$
```

The loopback exception is a routing rule rather than an iptables one: a packet sent to 127.0.0.1 gets 127.0.0.1 as its source address, and when DNAT re-routes it to 172.31.8.4 the kernel refuses to send a packet with a loopback source out of eth0 unless net.ipv4.conf.eth0.route_localnet is set to 1 (see the kernel's ip-sysctl documentation). The 1.2.3.4 case also shows the flip side of the security note above: every connection to port 3000, whatever address it was meant for, is silently rewritten to the backend.