Re: doing both NAT and DR, I need help.

To: Julian Anastasov <ja@xxxxxx>
Subject: Re: doing both NAT and DR, I need help.
Cc: Joseph Mack <mack@xxxxxxxxxxx>, lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Jeremy Hansen <jeremy@xxxxxxxxxxxx>
Date: Mon, 25 Sep 2000 17:57:27 -0400 (EDT)

This works!!!!  I'm very happy.  The only thing that threw me off was ip
rule needing advanced routing turned on in the kernel.

You are the best.  Last week Horms was the best, but this week you are the
best.

Thanks
-jeremy

On Mon, 25 Sep 2000, Julian Anastasov wrote:

> 
>       Hello,
> 
> On Fri, 22 Sep 2000, Jeremy Hansen wrote:
> 
> > Ok.  Here's a layout of basically how it's set up
> >
> >
> >                               internet
> >                                  |
> >                 64.204.99.1 (network providers router)
> >                                  |
> >                                switch
> >                                  |
> > real server 1            lvs machine              real server 2
> > RIP (10.100.50.247)      RIP (64.204.99.249)      RIP (10.100.50.246)
> > lo:0 (64.204.99.240)     VIP (64.204.99.240)      lo:0 (64.204.99.240)
> > default gw 64.204.99.1                            default gw 64.204.99.1
> > static arp entry                                  static arp entry
> > for the router,                                   for the router,
> > 64.204.99.1                                       64.204.99.1
> >
> > real server 3 (which is not to be load balanced)
> > RIP (10.100.50.245)
> >
> > The problem is real server 1,2,3 cannot get to the internet which is a
> > requirement.  Basically because these machines don't really have a real ip
> > address at all, so for them to get out, they need to be NAT'd at some
> > point.
> >
> > What I thought would be possible is to set up a route or some type of rule
> > that says if traffic originates from 10.100.50.0/24, instead of using the
> > default gw, 64.204.99.1, go through 64.204.99.249 and be masqueraded, but
> > at the same time if traffic originates from elsewhere and gets passed
> > from the LVS machine's VIP, then use the default gw and use DR instead.
> >
> > So I could masq and use DR for important traffic all at the same time.
> >
> > I hope this clears things up.  My original email was pretty misleading.
> 
>       No, it was clear.
> 
>       Additional settings for your setup:
> 
>       Settings for the real server(s):
> 
> ip rule add prio 100 from 10.100.50.0/24 table 100
> ip route add table 100 0/0 via 10.100.50.249 dev eth0
> 
>       For the director:
> 
>       You have to teach your LVS box 64.204.99.249 to
> listen on 10.100.50.249 and to stop the ICMP redirects:
> 
> ifconfig eth0:1 10.100.50.249 netmask 255.255.255.0
> 
> echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
> echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
> 
> ipchains -A forward -s 10.100.50.0/24 -j MASQ
> 
>       Hope this helps.
> 
> > Thanks
> > -jeremy
> 
> Regards
> 
> --
> Julian Anastasov <ja@xxxxxx>
> 
> 

eholes.org * jeremy@xxxxxxxxxx
-----------------------------------------
eholes have feelings too...
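
A way to verify the settings from Julian's reply, as an added example that is not part of the original thread: the shell functions below check captured command output offline. The sample listings are constructed, and `CONFIG_IP_MULTIPLE_TABLES` is the kernel's policy-routing option that `ip rule` depends on, which the thread refers to only as advanced routing.

```shell
#!/bin/sh
# Added example: offline checks for the settings in Julian's reply.
# Sample inputs below are constructed, not captured from a real host.
SRC_NET="10.100.50.0/24"   # real-server network (from the thread)
GW="10.100.50.249"         # director's eth0:1 address (from the thread)
TABLE="100"

# Kernel config text: `ip rule` needs policy routing compiled in.
has_policy_routing() {
    printf '%s\n' "$1" | grep -q '^CONFIG_IP_MULTIPLE_TABLES=y$'
}

# `ip rule show` text: expect "from SRC_NET lookup TABLE".
has_source_rule() {
    printf '%s\n' "$1" | awk -v n="$SRC_NET" -v t="$TABLE" '
        $2 == "from" && $3 == n && $4 == "lookup" && $5 == t { ok = 1 }
        END { exit !ok }'
}

# `ip route show table 100` text: expect a default route via GW.
has_table_default() {
    printf '%s\n' "$1" | awk -v g="$GW" '
        $1 == "default" && $2 == "via" && $3 == g { ok = 1 }
        END { exit !ok }'
}

# Director: values of conf/all and conf/eth0 send_redirects.
# Redirects are sent if either is non-zero, so both must be 0.
redirects_off() { [ "$1" = "0" ] && [ "$2" = "0" ]; }

# Real server: args are kernel config, rule listing, table listing.
check_realserver() {
    has_policy_routing "$1" || { echo "FAIL: kernel lacks policy routing"; return 1; }
    has_source_rule "$2" || { echo "FAIL: no rule for $SRC_NET"; return 1; }
    has_table_default "$3" || { echo "FAIL: table $TABLE has no default via $GW"; return 1; }
    echo "OK"
}

SAMPLE_CONFIG='CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y'
SAMPLE_RULES='0: from all lookup local
100: from 10.100.50.0/24 lookup 100
32766: from all lookup main'
SAMPLE_TABLE='default via 10.100.50.249 dev eth0'

check_realserver "$SAMPLE_CONFIG" "$SAMPLE_RULES" "$SAMPLE_TABLE"
```

On a live host the three arguments would come from the kernel's config file, `ip rule show` and `ip route show table 100`, and `redirects_off` from the two `/proc/sys/net/ipv4/conf/*/send_redirects` files named in the reply.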


