Re: IPVS/FreeSwan - Freeswan broke IPVS

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: IPVS/FreeSwan - Freeswan broke IPVS
From: "Kip Iles" <kip@xxxxxxxxxxxxxxx>
Date: Tue, 30 Oct 2001 14:46:10 -0500

On October 29, 2001, Julian wrote:

> > If directorA redirects a packet to directorB using VS-TUN, does
> > need to have a tunl interface. The realserver behind directorB is
> Yes, the host where the packets are destined (used as real
> server IP in directorA) needs a tunneling interface. In your case this
> is directorB.

I tried setting up directorB with a tunl0 interface and can no longer get to
directorB at all.

One issue I am having difficulty comprehending is the interaction between
VS-NAT, VS-TUN, and iptables.

DirectorB uses iptables to set up a nat for all outbound traffic for its
realservers so they can DNS, Mail, etc. DirectorB also is configured as
VS-NAT so inbound requests can get to the realservers and back out.
DirectorB is the only router for its realservers. This all worked fine.

Now, directorA wants to send an encapsulated packet to directorB. If I put a
tunl0 interface on directorB pointing to the NAT address of the realserver,
does ipip decapsulate before NATing?

I would expect the packet exchange like this:
                                                         or this:

Am I totally lame on this?

