>On Thu, May 22, 2003 at 09:56:16AM +0100, Malcolm Turnbull wrote:
>> > Horms,
>> > As I know, the lvs director with NAT rewrites the destination IP
>> > address for incoming packets and rewrites the source IP address
>> > for outgoing packets. Thus real server must set lvs director as
>> > default gateway.
>> > Now I wonder if the lvs director can rewrite both destination IP
>> > address and source IP address for all packets. Example, director
>> > replace the destionation IP address with real server's IP address
>> > and replace the source IP address with director's private
>> > address.So real server don't have to set director as default
>> > gateway. Can lvs do it? Thank you
>> I also think that would be a nice feature for LVS .. F5 call it SNAT
>> (secure NAT) for daft marketing reasons and I guess 30-40 of their
>> customers use it because it is so easy to configure.
>> Probably not trivial to program though ?
>I don't really follow how such a feature can work.
>The Real Servers are still going to respond with their
>own IP address and this still needs to be rewritten somehow.
>That is unless there is some modification to the Real Servers.
>I guess I am missing the point somewhere.
I think this doesn't need to be rewritten somehow for real servers.
The director replaces the destination IP address with realserver IP address
and replaces the source IP address with private IP address for incoming packets.
Then realserver receives the packets and processes them. Because the packets
realserver received have the director private IP address as source IP address.
Realserver responses packets to director.
The director receives the packets from realservers , replace the destination
IP address with the client IP address and replace the source IP address with
I think this can work theoretically.
>That said, It should be easy enough to implement.
>Actually it might be possible to just use
>an ipchains rule to do it.
I wander if LVS can do it?