Re: How does the mode fullnat work in detail and is implemented?

To: Stefan Bauer <stefan.bauer@xxxxxxxxxxx>
Subject: Re: How does the mode fullnat work in detail and is implemented?
Cc: "lvs-devel@xxxxxxxxxxxxxxx" <lvs-devel@xxxxxxxxxxxxxxx>
From: Simon Horman <horms@xxxxxxxxxxxx>
Date: Tue, 5 Feb 2013 10:44:35 +0900

On Sat, Feb 02, 2013 at 10:12:41AM +0100, Stefan Bauer wrote:
> Dear developers,
> how does the mode fullnat work and how is it implemented?
> I see there are patches at 
> for 
> the kernel.

I do not believe that is the code that was merged into the kernel.
Full-nat for IPVS was included in the 2.6.35 kernel and I do not
believe the details of how to configure it have changed since.

> How is this mode triggered in userland? I see there are patches for
> ipvsadm as well. Additionally to this, do I have to set a SNAT-rule with
> iptables?
> It would be nice to get some information on this - there isn't much
> information out there about the deeper details.

My recollection is as follows:

FULL-NAT is implemented by using the existing LVS-NAT (DNAT) implementation
plus an IPVS helper module for iptables which allows it to handle SNAT
of connections which are handled by IPVS.

The code changes were:
* IPVS (kernel)
* New iptables IPVS module (kernel)
* New iptables IPVS module (user-space)

There is some description of how this may be configured at'ipvs'-match-support-tc25663214.html

I have cut and pasted a portion of the first link below:

% ipvsadm -A -t -s rr 
% ipvsadm -a -t -r -m 
# ... 

# Source NAT for VIP 
% iptables -t nat -A POSTROUTING -m ipvs --vaddr \
  --vport 80 -j SNAT --to-source

or SNAT-ing only a specific real server:

% iptables -t nat -A POSTROUTING --dst \
  -m ipvs --vaddr -j SNAT --to-source
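
The translation described above (IPVS DNAT plus an iptables SNAT rule matched with -m ipvs), as an added example that is not part of the original message or of the IPVS code: a simplified Python model of how a director rewrites addresses in each direction. All addresses, the Director class and the port-remapping loop are assumptions made for illustration.

```python
# Simplified model of full-NAT on an LVS director (not kernel code).
# Step 1: IPVS rewrites the destination to a real server (DNAT, "-m").
# Step 2: the POSTROUTING SNAT rule rewrites the source (--to-source).
# All addresses below are constructed documentation values.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

VIP, VPORT = "192.0.2.100", 80           # virtual service (assumed)
REAL_SERVERS = ["10.0.0.1", "10.0.0.2"]  # real servers (assumed)
SNAT_ADDR = "10.0.0.254"                 # --to-source address (assumed)

class Director:
    def __init__(self):
        self.rr = 0     # round-robin index, as with "-s rr"
        self.fwd = {}   # original client packet -> translated packet
        self.rev = {}   # expected reply packet -> original client packet

    def forward(self, pkt):
        """Client -> VIP: return the packet as the real server sees it."""
        if (pkt.dst, pkt.dport) != (VIP, VPORT):
            return pkt                      # not for the virtual service
        if pkt in self.fwd:
            return self.fwd[pkt]            # existing connection, same mapping
        rip = REAL_SERVERS[self.rr % len(REAL_SERVERS)]
        self.rr += 1
        sport = pkt.sport
        # Every client now shares SNAT_ADDR, so two clients using the same
        # source port toward one real server need distinct translated ports.
        while Packet(rip, pkt.dport, SNAT_ADDR, sport) in self.rev:
            sport += 1
        out = Packet(SNAT_ADDR, sport, rip, pkt.dport)
        self.fwd[pkt] = out
        self.rev[Packet(rip, pkt.dport, SNAT_ADDR, sport)] = pkt
        return out

    def reply(self, pkt):
        """Real server -> director: undo both translations, else drop."""
        orig = self.rev.get(pkt)
        if orig is None:
            return None                     # no tracked connection
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)
```

In this model the real server only ever sees SNAT_ADDR as the peer, so its own logs no longer carry the client address; the mapping back to the client exists only in the director's connection state.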