Re: iptables NAT and how it might affect ipvs

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: iptables NAT and how it might affect ipvs
From: Joseph Mack <mack.joseph@xxxxxxx>
Date: Wed, 23 Oct 2002 13:03:24 -0400
Justin Georgeson wrote:
> 
> I was worried about that. :D
> 
> Ok. Forget about ipvs for a second. Imagine using a linux box as your
> internet gateway/NAT, using iptables. Usually, I've used a rule
> like this
> 
> -A POSTROUTING -s 192.168.10.0/255.255.255.0 -o eth0 -j MASQUERADE
> 
> On this particular gateway, I have multiple public IPs bound (eth0,
> eth0:1 - eth0:n). Each one of those aliased public IPs (eth0:1-n)
> correspond to a specific machine on the LAN. If you make a connection
> from one of those machines to an endpoint outside the LAN, it goes
> through NAT and appears to have the IP bound to eth0 as the source IP. I
> want to change iptables to a set of rules like this
> 
> -A POSTROUTING -s 192.168.10.5/255.255.255.255 -o eth0:5 -j MASQUERADE
> -A POSTROUTING -s 192.168.10.6/255.255.255.255 -o eth0:6 -j MASQUERADE
> -A POSTROUTING -s 192.168.10.7/255.255.255.255 -o eth0:7 -j MASQUERADE
> 
> So connections to the internet will have the right source IP (the
> destination IP that an incoming connection would have).

for a bit of background look at

http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO-12.html#ss12.11

I don't know if what you want is possible. Someone might know here, but I don't.


> Now add into the mix that I use ipvs to forward specific ports on those
> aliased public IPs (eth0:1-n) to the respective machine on the lan. I
> just wanted to make sure that there wouldn't be any conflict by me doing
> this with iptables, I can't imagine it would, but just to be safe.
  ^^^^

"this" meaning the scheme above?

If so, I expect you would have a snarly mess with both iptables and ip_vs
stepping in to do their thing to the packets.

You are masquerading by the ethernet device (here eth0). 
I don't know if you can masquerade by IP. If so, you could set up
separate IPs on the NAT box with iproute2, rather than using aliases.

Joe

-- 
Joseph Mack PhD, Senior Systems Engineer, SAIC contractor 
to the National Environmental Supercomputer Center, 
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
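
[Editor's note, added to this archived message and not part of the original
thread.] On the one point above that is settled: iptables matches "-o"
against a real network device name (eth0), not an ifconfig alias label such
as eth0:5, so the proposed "-o eth0:5" rules will not do what is wanted.
Per-source-address NAT to a chosen public address is done with the SNAT
target and "--to-source" instead of MASQUERADE. The script below generates
such a rule set for the layout described in the quoted mail; it is an added
example, the LAN/public address pairs and the interface name are constructed
assumptions (203.0.113.0/24 is a documentation range), and it says nothing
about the ip_vs interaction, which remains the open question of the thread.

```sh
#!/bin/sh
# Added example, not code from the original post.
# Emits per-host source-NAT rules for a Linux gateway with several
# public addresses on one external interface.
# Assumptions (constructed): external interface eth0; the LAN/public
# pairs below are placeholders.

EXT_IF="eth0"

# One "lan_ip public_ip" pair per line (constructed sample mapping).
HOST_MAP="192.168.10.5 203.0.113.5
192.168.10.6 203.0.113.6
192.168.10.7 203.0.113.7"

# Print one SNAT rule per host, then a catch-all MASQUERADE.
# "-o" takes the real device (eth0), never an alias label like eth0:5;
# the public address each host should appear as is chosen with
# --to-source.  The /32 rules must precede the /24 catch-all, because
# the POSTROUTING chain is walked in order and the first match wins.
snat_rules() {
    printf '%s\n' "$HOST_MAP" | while read -r lan pub; do
        [ -n "$lan" ] || continue
        printf 'iptables -t nat -A POSTROUTING -s %s/32 -o %s -j SNAT --to-source %s\n' \
            "$lan" "$EXT_IF" "$pub"
    done
    # Any other LAN host keeps the old behaviour: masquerade to the
    # primary address of eth0.
    printf 'iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o %s -j MASQUERADE\n' \
        "$EXT_IF"
}

# Review the generated rules first; apply with:  snat_rules | sh
snat_rules
```

Check the result with "iptables -t nat -L POSTROUTING -n -v --line-numbers":
the three /32 SNAT rules should sit above the /24 MASQUERADE rule, and a
connection from 192.168.10.6 to the outside should then show 203.0.113.6 as
its source in the conntrack table.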

