Round Robin Outgoing IPv6 Connections with Iptables

I’ve needed to round-robin outgoing IPv6 connections in the past for various projects and this is how I do it. Each new outgoing IPv6 connection gets a new IPv6 address.

The following assumes that you have 10 IPv6 addresses that you would like to use for the purpose of round-robin:

2a02:e00:ffec:115::a
2a02:e00:ffec:115::9
2a02:e00:ffec:115::8
2a02:e00:ffec:115::7
2a02:e00:ffec:115::6
2a02:e00:ffec:115::5
2a02:e00:ffec:115::4
2a02:e00:ffec:115::3
2a02:e00:ffec:115::2
2a02:e00:ffec:115::1

Note that eth0 is the name of the interface, replace that with the name of your interface and replace the IPv6 addresses with your own addresses. You can check your interfaces with the ifconfig command.

ip6tables -t nat -A POSTROUTING -o eth0 -m statistic --mode nth --every 10 --packet 0 -j SNAT --to 2a02:e00:ffec:115::a
ip6tables -t nat -A POSTROUTING -o eth0 -m statistic --mode nth --every 9 --packet 0 -j SNAT --to 2a02:e00:ffec:115::9
ip6tables -t nat -A POSTROUTING -o eth0 -m statistic --mode nth --every 8 --packet 0 -j SNAT --to 2a02:e00:ffec:115::8
ip6tables -t nat -A POSTROUTING -o eth0 -m statistic --mode nth --every 7 --packet 0 -j SNAT --to 2a02:e00:ffec:115::7
ip6tables -t nat -A POSTROUTING -o eth0 -m statistic --mode nth --every 6 --packet 0 -j SNAT --to 2a02:e00:ffec:115::6
ip6tables -t nat -A POSTROUTING -o eth0 -m statistic --mode nth --every 5 --packet 0 -j SNAT --to 2a02:e00:ffec:115::5
ip6tables -t nat -A POSTROUTING -o eth0 -m statistic --mode nth --every 4 --packet 0 -j SNAT --to 2a02:e00:ffec:115::4
ip6tables -t nat -A POSTROUTING -o eth0 -m statistic --mode nth --every 3 --packet 0 -j SNAT --to 2a02:e00:ffec:115::3
ip6tables -t nat -A POSTROUTING -o eth0 -m statistic --mode nth --every 2 --packet 0 -j SNAT --to 2a02:e00:ffec:115::2
ip6tables -t nat -A POSTROUTING -o eth0 -m statistic --mode nth --every 1 --packet 0 -j SNAT --to 2a02:e00:ffec:115::1

I’ve needed this to bypass rate limiting websites, and as I have more IPv6 addresses than IPv4, it only made sense to round-robin the IPv6 addresses. The website also must support IPv6, but a lot of websites do, so give it a shot.

Leave a Reply

Your email address will not be published. Required fields are marked *