RE: Problems with LVS-NAT and direct routing to network behind LVS.....

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Problems with LVS-NAT and direct routing to network behind LVS.....
From: "Kim Le" <kiml@xxxxxxxxx>
Date: Wed, 29 Aug 2001 13:18:08 -0700
I think what you need to do is to create some alias IP addresses for your
LVS box.
LVS only listens on the addresses that need load balancing (Internet traffic).
Other traffic will go through the addresses that LVS does not listen on.

-----Original Message-----
From: lvs-users-admin@xxxxxxxxxxxxxxxxxxxxxx
[mailto:lvs-users-admin@xxxxxxxxxxxxxxxxxxxxxx]On Behalf Of Pawel Kisiel
Sent: Wednesday, August 29, 2001 12:49 PM
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: RE: Problems with LVS-NAT and direct routing to network

On Wed, 29 Aug 2001, Zachariah Mully wrote:

>       If I understand you correctly you have a route between the DMZ and your
> private internal network and the box with the LVS-NAT is routing both
> requests from the Internet (traffic that should be load balanced) and
> from the internal network (traffic that shouldn't be LB'ed).
Yes, that's true...

> You need to read up on either your firewall rules or set up an internal DNS server to
> fix your problem as the problem isn't with the LVS, but with how you are
> NAT/Masq/Portfw'ing your external ips to the LB'ed RS'es.
I don't think so.... I don't need internal DNS....I only need to get to
these machines by giving an IP address, nothing more...
        I'm using iptables right now...and I'm FORWARDing traffic between and not Masquerading it or SNATing....just
        but all traffic that should be directed to the internet is
SNATing....using POSTROUTING table....

>       Since you don't mention what you're running (ipchains/iptables), I
> can't help you any further than to say this is a lot easier to do if
> you're running iptables on the director/router. With ipchains there
> isn't any way that I know of to do what you want.

        So You know now that I'm involved in can You tell
me what to do in this situation?
        I want to achieve:
        -route between and with
all ports available(even these that are mapped on LVS to loadbalance the
        -other traffic coming from internet to my LVS-NAT box can reach
my hidden resources in on ports that I will configure...
        -if it is possible also I would like to be able to connect from to LVS-NAT resources when I will try to connect to them using
 public ip addresses(like normal clients from internet do)...
 (probably I will still have this ability but I'm not 100% sure about
 My diagram doesn't show that I have default gateway in when
I'm trying
to reach external ip addresses...

        Thank You for any help in solving my problem...

Pawel Kisiel
