centos, iptables, openfire

How to use IPTables to reroute traffic to either a local connection manager or the main xmpp service (Openfire)


I'm trying to load-balance connections for an openfire XMPP server - as such I have a connection manager hosted on a second server, and am trying to use IP tables as a load balancer. Both of these are running on Linux CentOS 6.3 (yes I know it's old - working on that).

I've set up the connection manager on port 5300 on my second server (let's call it server A) and the XMPP server (server B) has been running happily for a number of years now and continues to do so.

The problem is getting the load balancing to actually do any balancing.

These are the prerouting rules I've applied on Server A (IP addresses redacted) to try and route traffic between the Connection Manager (port 5300) on Server A, and the XMPP service (port 5222) on Server B:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            <server A IP>      tcp dpt:5222 statistic mode nth every 2 to:<server B IP>:5222
DNAT       tcp  --  0.0.0.0/0            <server A IP>      tcp dpt:5222 to:<server B IP>:5300

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I connect to server A using port 5222 via Spark and it successfully logs into the XMPP service.

I would expect every even connection to Server A on port 5222 to have been forwarded to the openfire server on :5222, and every odd connection to be referred to the connection manager on :5300.

Reviewing the connections in openfire however, it seems that the connection is always being made via the connection manager.

Any thoughts on why this might be happening, or how to correct it? I'm aware of various load-balancing software solutions out there, but would prefer to handle this natively to minimise cost.


Solution

  • As it turns out, the xmpp server was never receiving the packets forwarded via the IPTables configuration, by the looks of it - yet the XMPP server has all default rules set to "accept" and no other rules stated, and is accepting connections from the connection manager. Spark then re-attempts the connection; and so of course connects to the connection manager as this is an "odd" connection.

    I'll [post a new question/identify an existing one] regarding the IPTables rules being used and why packets are not being forwarded and/or received - a simpler question than the above.
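The complete rule set the question's approach needs on Server A, written here as an added example that is not part of either post: the two PREROUTING DNAT rules from the question, plus the forwarding and return-path rules that a DNAT to another host requires (the solution post reports that Server B never received the forwarded packets, and these are the conditions a cross-host DNAT depends on). Addresses are constructed placeholders; the script assumes Server A is not Server B's default gateway, so replies from the XMPP server need the SNAT rule to travel back through A.

```shell
#!/bin/sh
# Added example (not from the original posts): the rule set behind the
# question's approach on Server A, as one reviewable script. Placeholder
# addresses are constructed (TEST-NET-1); override them via the environment.
# Assumption: Server A is not Server B's default gateway, so replies from B
# need the SNAT rule below to come back through A. Without a return path a
# client DNATed to B never completes its handshake with the XMPP server.
SERVER_A_IP="${SERVER_A_IP:-192.0.2.10}"   # placeholder for <server A IP>
SERVER_B_IP="${SERVER_B_IP:-192.0.2.20}"   # placeholder for <server B IP>
CM_IP="${CM_IP:-$SERVER_A_IP}"             # host running the connection manager
DRY_RUN="${DRY_RUN:-1}"                    # 1 = print only, 0 = apply (needs root)

# Emit one command per line; nothing is executed here. The nat table is only
# consulted for a connection's first packet, so "--every 2" counts new
# connections, not TCP segments: connection 1 -> B:5222, 2 -> CM:5300, ...
# The nth rule must come before the catch-all DNAT or it is never reached.
build_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp -d $SERVER_A_IP --dport 5222 -m statistic --mode nth --every 2 --packet 0 -j DNAT --to-destination $SERVER_B_IP:5222
iptables -t nat -A PREROUTING -p tcp -d $SERVER_A_IP --dport 5222 -j DNAT --to-destination $CM_IP:5300
iptables -A FORWARD -p tcp -d $SERVER_B_IP --dport 5222 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -d $SERVER_B_IP --dport 5222 -j SNAT --to-source $SERVER_A_IP
EOF
}

# After a few client connections the pkts counter on each PREROUTING DNAT
# rule should advance alternately; the FORWARD counters show whether the
# packets for B actually left Server A.
show_counters() {
    iptables -t nat -L PREROUTING -v -n --line-numbers
    iptables -L FORWARD -v -n
}

apply_rules() {
    build_rules | while IFS= read -r cmd; do
        if [ "$DRY_RUN" = 1 ]; then
            printf 'would run: %s\n' "$cmd"
        else
            printf '+ %s\n' "$cmd"
            eval "$cmd" </dev/null
        fi
    done
}

apply_rules
```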