
LVS-NAT + 2.4 iptables firewalling

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: LVS-NAT + 2.4 iptables firewalling
From: "Ben" <bench@xxxxxxxxxx>
Date: Thu, 20 Jun 2002 13:24:46 -0700
Hello all. I've just spent a lot of time trying to understand the howto and looking through the mailing lists, but nothing seems to be answering my question:
 
Can I combine the director of an LVS-NAT setup with an iptables-based natting firewall? In other words, if I have this setup:
 
   internet
      |
+=====+====+ 1.2.3.4
| Firewall |
+=====+====+ 10.0.0.254
      |
+=====+====+ 10.0.0.1
| Director |
+==+====+==+ 10.0.1.254
   |    |
   |  +=+===+ 10.0.1.1
   |  | RS1 |
   |  +=====+
   |
 +=+===+ 10.0.1.2
 | RS2 |
 +=====+
 
...where the Virtual IP that a client will use is 1.2.3.4, which gets translated by the firewall into 10.0.0.1, which the Director treats as the virtual IP, with the end result that requests to 1.2.3.4 should get balanced between 10.0.1.1 and 10.0.1.2. This seems like it should present no problems.
 
However, I'd like to be cheap and combine the firewall and director into the box. It seems like this should work too, but from my tests it seems that the natting done in the firewall isn't letting the lvs code at the packets, so nothing is actually making it through.
 
Unfortunately, I can't even tell if this is supposed to work to begin with. The howto has a lot of information in it, but on this particular issue it only has vague, conflicting snippets of email. Is anybody out there doing something similar to this?