
Re: How does the mode fullnat work in detail and is implemented?

To: Stefan Bauer <stefan.bauer@xxxxxxxxxxx>
Subject: Re: How does the mode fullnat work in detail and is implemented?
Cc: "lvs-devel@xxxxxxxxxxxxxxx" <lvs-devel@xxxxxxxxxxxxxxx>
From: Simon Horman <horms@xxxxxxxxxxxx>
Date: Tue, 5 Feb 2013 10:44:35 +0900

On Sat, Feb 02, 2013 at 10:12:41AM +0100, Stefan Bauer wrote:
> Dear developers,
> 
> how does the mode fullnat work and how is it implemented?
> 
> I see there are patches at 
> http://kb.linuxvirtualserver.org/images/a/a5/Lvs-fullnat-synproxy.tar.gz for 
> the kernel.

I do not believe that is the code that was merged into the kernel.
Full-nat for IPVS was included in the 2.6.35 kernel and I do not
believe the details of how to configure it have changed since.

> How is this mode triggered in userland? I see there are patches for
> ipvsadm as well. Additionally to this, do I have to set a SNAT-rule with
> iptables?
> 
> It would be nice to get some information on this - there isn't much
> information out there about the deeper details.

My recollection is as follows:

FULL-NAT is implemented by using the existing LVS-NAT (DNAT) implementation
plus an IPVS helper module for iptables which allows it to handle SNAT
of connections which are handled by IPVS.

The code changes were:
* IPVS (kernel)
* New iptables IPVS module (kernel)
* New iptables IPVS module (user-space)

There is some description of how this may be configured at
http://old.nabble.com/-lvs-users---PATCH-v2-0-4--IPVS-full-NAT-support-%2B-netfilter-'ipvs'-match-support-tc25663214.html
and
http://blog.loadbalancer.org/enabling-snat-in-lvs-xt_ipvs-and-iptables/

I have cut and pasted a portion of the first link below:

% ipvsadm -A -t 192.168.100.30:80 -s rr 
% ipvsadm -a -t 192.168.100.30:80 -r 192.168.10.20:80 -m 
# ... 

# Source NAT for VIP 192.168.100.30:80 
% iptables -t nat -A POSTROUTING -m ipvs --vaddr 192.168.100.30/32 \
  --vport 80 -j SNAT --to-source 192.168.10.10

or SNAT-ing only a specific real server:

% iptables -t nat -A POSTROUTING --dst 192.168.11.20 \
  -m ipvs --vaddr 192.168.100.30/32 -j SNAT --to-source 192.168.10.10
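
An added example, not part of the original message or of the IPVS project: a shell check that compares saved IPVS and NAT rules and lists masquerading (-m) virtual services that have no POSTROUTING SNAT rule using the ipvs match shown above. The rule text is constructed sample data in the form `ipvsadm -S -n` and `iptables-save -t nat` print, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the form printed by `ipvsadm -S -n`.
IPVS_RULES='-A -t 192.168.100.30:80 -s rr
-a -t 192.168.100.30:80 -r 192.168.10.20:80 -m -w 1
-A -t 192.168.100.31:443 -s rr
-a -t 192.168.100.31:443 -r 192.168.10.21:443 -m -w 1
-A -t 192.168.100.32:25 -s rr
-a -t 192.168.100.32:25 -r 192.168.10.22:25 -g -w 1'

# Constructed sample in the form printed by `iptables-save -t nat`.
NAT_RULES='*nat
-A POSTROUTING -m ipvs --vaddr 192.168.100.30/32 --vport 80 -j SNAT --to-source 192.168.10.10
COMMIT'

# masq_services RULES: VIP:port of each TCP/UDP service with a -m (NAT) real server.
masq_services() {
    printf '%s\n' "$1" |
        awk '$1 == "-a" && ($2 == "-t" || $2 == "-u") && / -m( |$)/ { print $3 }' |
        sort -u
}

# has_snat VIP PORT RULES: succeeds if a POSTROUTING SNAT rule with the ipvs
# match covers the service. Rules limited to one destination (-d/--dst) and
# --vaddr masks other than /32 are deliberately not counted as full coverage.
has_snat() {
    printf '%s\n' "$3" | awk -v vip="$1" -v port="$2" '
        $1 == "-A" && $2 == "POSTROUTING" && / -m ipvs / && / -j SNAT / &&
        !/ (-d|--dst|--destination) / {
            va = ""; vp = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--vaddr") { va = $(i + 1); sub(/\/32$/, "", va) }
                if ($i == "--vport") vp = $(i + 1)
            }
            if (va == vip && (vp == "" || vp == port)) found = 1
        }
        END { exit !found }'
}

# missing_snat IPVS_RULES NAT_RULES: NAT-mode services with no covering SNAT rule.
missing_snat() {
    for svc in $(masq_services "$1"); do
        has_snat "${svc%:*}" "${svc##*:}" "$2" || echo "$svc"
    done
}

missing_snat "$IPVS_RULES" "$NAT_RULES"
```

On a director, the two variables would be filled from the live `ipvsadm -S -n` and `iptables-save -t nat` output instead of the samples.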