Re: src_addr for outgoing NAT packets.

To: Joseph Mack <mack.joseph@xxxxxxx>
Subject: Re: src_addr for outgoing NAT packets.
Cc: Joseph Mack <mack.joseph@xxxxxxxxxxxxxxx>, <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Julian Anastasov <ja@xxxxxx>
Date: Fri, 2 Feb 2001 01:22:23 +0000 (GMT)
        Hello,

On Thu, 1 Feb 2001, Joseph Mack wrote:

> > ip route add default dev eth0 via uplink src VIP
>
> the iproute2 HOWTO says that uplink should be the IP of
> the machine being NAT'ed (here 192.168.1.12).
>
> my command was
>
> ip route add default dev eth0 via 192.168.1.12 src 192.168.2.110
>                                        |                |
>                                       RIP              VIP

        No :) this is the default route. It points to the uplink
router. Hm, my mail from Sep 25 is for setting source routing in the
real server. In this way we can redirect the outgoing traffic to
different uplink gateways: to the director (when NAT-ed) or to
another uplink router for the DR method.

        I assume that in the current thread we are trying to solve the
problem in the director, where we want to select different VIPs as
masquerading addresses. This is for the NAT-ed connections initiated
from the internal hosts, and it is not related to the LVS operation. We
can remove the word LVS here. We just need to select different
masquerade addresses in the NAT box according to the internal server
IP address. This is in the FORWARD chain. For LVS we know that this
process (maddr selection) is performed in the LOCAL_IN chain.

> I tried the IP of the director and the client, but got errors
> running the command (network not available or something like that).
>
> > Do I know this setup? What IP
> > addresses and routes are defined in the director?
>
>    client
> (eth0 192.168.2.254)
>      |
> (eth0 192.168.2.1 = director)
> (eth0:1 192.168.2.110 = VIP)
>    director
> (eth1:192.168.1.9)
>      |
> (eth0 192.168.1.11)
> (lo:0 192.168.2.110 = VIP)
> real-server
>
> director has ip_forwarding on, is just NAT'ing at the moment
> (have run ipvsadm -C)
>
> tcpdump on client shows telnet packets arrive with src=director
>
> If I can get sessions initiating on the real-server to emerge from
> the director with s_addr=VIP, I want to use this to get the connect
> requests from authd on the real-servers out to the client. The
> authd connect requests from the real-server have s_addr = VIP.
> Presumably I can NAT this on the real-server to the RIP
> before it is sent to the director?

        Yes, I was sure we were talking about this problem. I'm still
thinking about it. For now, I'm sure the packets must exit from the real
server with saddr!=any_director_ip and they must be NAT-ed in the
director when forwarded to the client with maddr=VIP. So, we must
convert them in the real server:

- when there is a packet from VIP to 0.0.0.0/0 113, convert the
source address (VIP) to RIP2 and then send it to the director.

- the director must be patched to look up the maddr in this way:

when a packet comes from RIP2 and goes to 0.0.0.0/0, use maddr=VIP

Currently, the NAT box thinks in this way: when packets go to
0.0.0.0/0, use maddr=route_src. I.e., the saddr in the packets is
not considered.

        So, we need a way to NAT the outgoing packets in the real
server but only when we access the client's authd. There is no
route by fwmark for locally generated packets in 2.2, so I'm not
sure how we will distinguish port 113 from port 1024 (the client).

> Joe


Regards

--
Julian Anastasov <ja@xxxxxx>
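The two translation steps Julian proposes (real server rewrites VIP to RIP for the authd connect, director masquerades RIP-sourced packets with the VIP instead of the route's src), as an added model that is not code from the thread or from LVS. It uses the addresses from Joe's diagram; the route table, the rule dictionary and the function names `route_src`, `real_server_egress`, `director_forward` and `as_seen_by_client` are assumptions for illustration.

```python
# Constructed model of the source-address handling discussed in this thread;
# not code from LVS or from the thread's authors. Addresses are from Joe's
# diagram; the rule tables and function names are assumptions.
import ipaddress
from dataclasses import dataclass, replace

VIP, RIP, DIP_INT = "192.168.2.110", "192.168.1.11", "192.168.1.9"
DIRECTOR_EXT, CLIENT = "192.168.2.1", "192.168.2.254"

@dataclass(frozen=True)
class Packet:
    saddr: str
    daddr: str
    dport: int

# Director routes as (prefix, src hint set by 'ip route ... src X')
DIRECTOR_ROUTES = [("192.168.1.0/24", DIP_INT), ("0.0.0.0/0", DIRECTOR_EXT)]

def route_src(table, daddr):
    """Longest-prefix match returning the src hint of the chosen route,
    i.e. Julian's route_src: the only thing the stock NAT box uses as maddr."""
    dst = ipaddress.ip_address(daddr)
    best = None
    for prefix, src in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, src)
    return best[1] if best else None

def real_server_egress(pkt):
    """Step 1, on the real server: a locally generated packet from VIP to
    anywhere:113 (the authd connect) has its saddr rewritten to RIP before
    it is sent to the director; everything else leaves unchanged."""
    if pkt.saddr == VIP and pkt.dport == 113:
        return replace(pkt, saddr=RIP)
    return pkt

def director_forward(pkt, maddr_by_rip=None):
    """Masquerade in the director's FORWARD path. Stock: maddr = route_src
    of the destination, saddr ignored. Patched (step 2): a saddr listed in
    maddr_by_rip is masqueraded with that VIP instead."""
    maddr = (maddr_by_rip or {}).get(pkt.saddr)
    if maddr is None:
        maddr = route_src(DIRECTOR_ROUTES, pkt.daddr)
    return replace(pkt, saddr=maddr)

def as_seen_by_client(pkt, patched):
    """Push a real-server packet through both hops; the result is what
    tcpdump on the client would show."""
    return director_forward(real_server_egress(pkt), {RIP: VIP} if patched else None)
```

With the stock director the authd connect reaches the client with saddr=192.168.2.1 (what Joe's tcpdump shows); with the per-RIP maddr rule it arrives with saddr=VIP.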