
Re: src_addr for outgoing NAT packets.

To: Joseph Mack <mack.joseph@xxxxxxx>
Subject: Re: src_addr for outgoing NAT packets.
Cc: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Julian Anastasov <ja@xxxxxx>
Date: Thu, 1 Feb 2001 22:10:53 +0000 (GMT)
        Hello,

On Thu, 1 Feb 2001, Joseph Mack wrote:

> Julian Anastasov wrote:
>
> > Here is one example:
> >
> > ip rule add prio 100 from 192.168.0.1 table 100
>                             ^^^^^^^
> I assume this should be  10.0 ?
> > ip route add table 100 10.0.0.1 via 192.168.1.2 dev eth0 src 192.168.1.3
>
> I have a VS-DR LVS. One of the real-servers is telnet'ing
> to the outside world with NAT, using your instructions of 25 Sep 2000.
> I haven't tested, but I presume these NAT'ed packets
> arrive with s_addr = the IP (on eth0) of the director. I would like them
> to arrive with s_addr = VIP (on eth0:1)

        It seems this is not possible with -j MASQ. When a maddr is
selected the only argument used in the decision is the destination
address (where you try to connect to). The source address 192.168.1.12
is not considered. Maybe this is possible with the dumb nat, i.e.
ip route ... nat .... But it is stateless and collisions can occur
with the normally masqueraded connections.

        So, if we define:

ip route add default dev eth0 via uplink src VIP

the VIP will always be selected as maddr. The primary address will not
be selected. And this is a problem when we want different VIPs to be
selected. I'm not sure why the source address is not involved in the
decision. I have to investigate it and we can patch it. This fix will
allow different masquerade addresses to be selected for the different
NAT-ed internal hosts. I'm not sure whether this will work for all
places where such an address is selected.

> the realserver is 192.168.1.12. The VIP is 192.168.2.110 (eth0:1
> on the director), the director's NIC facing the outside world is 192.168.2.1.
> All IPs are pingable from the director (only the realserver's IP is not
> on the director.)
>
> To get telnet packets from the real-server to emerge with s_addr = VIP,
> I tried
>
> ip rule add prio 100 from 192.168.1.12 table 100
> ip route add table 100 192.168.1.12 via 192.168.2.1 dev eth0 src 192.168.1.110
                         ^^^^^^^^^^^^
                         this is destination, not a source address

> the last command gives the error
>
> RTNETLINK answers: Network is unreachable.

        Maybe you don't have a route to 192.168.2.1, or 192.168.1.11
is not a local address defined on eth0? Do I know this setup? What IP
addresses and routes are defined in the director?

> Do you know what's going on?
>
> Joe


Regards

--
Julian Anastasov <ja@xxxxxx>
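
Added example, not part of the original message and not kernel or LVS code: a simplified Python model of the lookup the reply describes, showing why an `ip rule ... from <realserver>` entry cannot influence the masquerade address when only the destination is used, and what changes if the inner source is included. The second realserver, second VIP, destination address, table names and function names are constructed for illustration.

```python
import ipaddress

# Addresses from the thread; REALSERVER2 and VIP2 are constructed.
DIP, VIP = "192.168.2.1", "192.168.2.110"
REALSERVER, REALSERVER2, VIP2 = "192.168.1.12", "192.168.1.13", "192.168.2.111"

# Policy rules as (priority, "from" selector, table); the last one is "from all".
RULES = [
    (100, "192.168.1.12/32", "t100"),
    (101, "192.168.1.13/32", "t101"),
    (32766, "0.0.0.0/0", "main"),
]

# Each table maps destination prefixes to the route's preferred source ("src").
TABLES = {
    "t100": {"0.0.0.0/0": VIP},
    "t101": {"0.0.0.0/0": VIP2},
    "main": {"0.0.0.0/0": DIP},
}


def rule_matches(selector, src):
    net = ipaddress.ip_network(selector)
    if net.prefixlen == 0:
        return True  # "from all" matches any lookup key
    # A lookup with no source cannot match a rule that selects on source.
    return src is not None and ipaddress.ip_address(src) in net


def preferred_source(dst, src=None):
    """Walk rules in priority order; return the src hint of the best route to dst."""
    dst_ip = ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(RULES):
        if not rule_matches(selector, src):
            continue
        hits = [(ipaddress.ip_network(p), hint)
                for p, hint in TABLES[table].items()
                if dst_ip in ipaddress.ip_network(p)]
        if hits:
            return max(hits, key=lambda h: h[0].prefixlen)[1]  # longest prefix
    return None


def maddr_destination_only(inner_src, dst):
    # Behaviour described in the message: inner_src is ignored.
    return preferred_source(dst)


def maddr_with_source(inner_src, dst):
    # Hypothetical variant: the inner host's address is part of the lookup key.
    return preferred_source(dst, inner_src)
```
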


