RE: Problems with LVS-NAT and direct routing to network behind LVS.....

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: RE: Problems with LVS-NAT and direct routing to network behind LVS.....
From: Pawel Kisiel <tecman@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 29 Aug 2001 21:48:34 +0200 (CEST)

On Wed, 29 Aug 2001, Zachariah Mully wrote:

>       If I understand you correctly you have a route between the DMZ and your
> private internal network and the box with the LVS-NAT is routing both
> requests from the Internet (traffic that should be load balanced) and
> from the internal network (traffic that shouldn't be LB'ed). 
Yes, that's true...

> You need to read up on either your firewall rules or set up an internal
> DNS server to fix your problem as the problem isn't with the LVS, but
> with how you are NAT/Masq/Portfw'ing your external ips to the LB'ed
> RS'es.
I don't think so.... I don't need internal dns....I only need to get to
these machines by giving an ip address, nothing more...
I'm using iptables right now...and I'm FORWARDing traffic between and not Masquerading it or SNATing....just
but all traffic that should be directed to the internet is
SNATing....using POSTROUTING table....

>       Since you don't mention what you're running (ipchains/iptables), I
> can't help you any further than to say this is a lot easier to do if
> you're running iptables on the director/router. With ipchains there
> isn't any way that I know of to do what you want.

        So You know now that I'm involved in can You tell
me what to do in this situation?
        I want to achieve:
        -route between and with
all ports available(even these that are mapped on LVS to loadbalance the
        -other traffic coming from internet to my LVS-NAT box can reach 
my hidden resources in on ports that I will configure...   
        -if it is possible also I would like to be able to connect from to LVS-NAT resources when I will try to connect to them using
 public ip addresses(like normal clients from internet do)...
 (probably I will still have this ability but I'm not 100% sure about
 My diagram doesn't show that I have default gateway in when I'm 
to reach external ip addresses...    

        Thank You for any help in solving my problem...

Pawel Kisiel
