I think what you need to do is to create some alias IP addresses for your
LVS only listen to address that need to do loadbalancing (Internet traffic)
Other traffic will go through the addresses that are not listened on by LVS.
[mailto:lvs-users-admin@xxxxxxxxxxxxxxxxxxxxxx]On Behalf Of Pawel Kisiel
Sent: Wednesday, August 29, 2001 12:49 PM
Subject: RE: Problems with LVS-NAT and direct routing to network
On Wed, 29 Aug 2001, Zachariah Mully wrote:
> If I understand you correctly you have a route between the DMZ and your
> private internal network and the box with the LVS-NAT is routing both
> requests from the Internet (traffic that should be load balanced) and
> from the internal network (traffic that shouldn't be LB'ed).
Yes, that's true...
> You need to read up on either your firewall rules or set up an internal DNS
> fix your problem as the problem isn't with the LVS, but with how you are
> NAT/Masq/Portfw'ing your external ips to the LB'ed RS'es.
I don't think so.... I don't need internal DNS....I only need to get to
these machines by giving an IP address, nothing more...
I'm using iptables right now...and I'm FORWARDing traffic between
10.10.0.0/24 and 10.10.1.0/24 not Masquerading it or SNATing....just
but all traffic that should be directed to the internet is
SNATing....using POSTROUTING table....
> Since you don't mention what you're running (ipchains/iptables), I
> can't help you any further than to say this is a lot easier to do if
> you're running iptables on the director/router. With ipchains there
> isn't any way that I know of to do what you want.
So You know now that I'm involved in iptables....so can You tell
me what to do in this situation?
I want to achieve:
-route between 10.10.0.0/24 and 10.10.1.0/24 with
all ports available(even these that are mapped on LVS to loadbalance the
-other traffic coming from internet to my LVS-NAT box can reach
my hidden resources in 10.10.1.0/24 on ports that I will configure...
-if it is possible also I would like to be able to connect from
10.10.0.0/24 to LVS-NAT resources when I will try to connect to them using
public ip addresses(like normal clients from internet do)...
(probably I will still have this ability but I'm not 100% sure about
My diagram doesn't show that I have default gateway in 10.10.0.0/24 when
to reach external ip addresses...
Thank You for any help in solving my problem...
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx