
Access to the VIP on the director from a realserver using LVS-NAT

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Access to the VIP on the director from a realserver using LVS-NAT
From: Robbert-Jan Roos <rj-list@xxxxxxx>
Date: Tue, 29 Mar 2005 14:09:58 +0200

Hi,

Is there a clean way to connect to the virtual ip of an LVS-NAT
director from a realserver? Somehow I just don't get it to work.  The
setup:

LVS eth0 ip: vip
LVS eth1 ip: router
REAL1 eth0 ip: rip1
REAL2 eth0 ip: rip2

router, rip1 and rip2 are all on the same subnet. vip is a public
internet address and all the others are private. The default gateway
of rip1 and rip2 is router.

When I log in on rip1 and do a telnet to vip port 80, this is what happens:

rip1 -> vip  # outgoing from rip1
rip1 -> rip2 # dnat by ldirectord (lvs)
rip2 -> rip1 # rip2 handles the request and sends it back to the
             # source address.

Since rip1 sends out a packet to vip but receives the answer from
rip2, it cannot set up a TCP connection. The cleanest solution to this
(I guess) would be to implement source routing on the lvs:

iptables -t nat -A POSTROUTING -s rip1 -d rip2 -j SNAT --to-source router

Unfortunately this doesn't work. The packet is not rewritten.
What I'm trying to accomplish is this chain:
rip1   -> vip    # outgoing from rip1
rip1   -> rip2   # dnat by lvs
router -> rip2   # snat by lvs
rip2   -> router # response from rip2
vip    -> router # reverse the dnat
vip    -> rip1   # reverse the snat

Is this possible?

Thanks,
Robbert-Jan
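
Added example (not part of the original message): a small Python model of the two packet chains described above, showing why rip1 rejects the reply in the DNAT-only case and accepts it in the desired DNAT+SNAT chain. The addresses, port 40000 and all function names are constructed for illustration; this models the address rewriting only, not what the kernel or the iptables rule actually does on the director.

```python
# Constructed placeholder addresses standing in for vip, router, rip1, rip2.
VIP, ROUTER = "203.0.113.10", "192.168.0.1"
RIP1, RIP2 = "192.168.0.11", "192.168.0.12"

# A packet is a tuple: (src_ip, src_port, dst_ip, dst_port)

def director_forward(pkt, snat):
    """DNAT vip -> rip2 as LVS-NAT does; optionally SNAT the source to ROUTER."""
    src, sport, dst, dport = pkt
    state = {"orig_src": (src, sport), "orig_dst": (dst, dport), "snat": snat}
    return (ROUTER if snat else src, sport, RIP2, dport), state

def realserver_reply(pkt):
    """The realserver answers to whatever source address it saw."""
    src, sport, dst, dport = pkt
    return (dst, dport, src, sport)

def deliver_reply(reply, state):
    """Return the reply as it arrives at the client.

    A reply addressed to ROUTER passes through the director, where both
    translations are reversed. A reply addressed to a host on the same
    subnet is delivered directly and is never un-NATed.
    """
    src, sport, dst, dport = reply
    if state["snat"] and dst == ROUTER:
        (osrc, osport), (odst, odport) = state["orig_src"], state["orig_dst"]
        return (odst, odport, osrc, osport)
    return reply

def client_accepts(syn, reply):
    """TCP matches a reply against the reversed 4-tuple of the SYN it sent."""
    src, sport, dst, dport = syn
    return reply == (dst, dport, src, sport)

def simulate(snat):
    syn = (RIP1, 40000, VIP, 80)          # rip1 -> vip
    fwd, state = director_forward(syn, snat)
    arrived = deliver_reply(realserver_reply(fwd), state)
    return arrived, client_accepts(syn, arrived)

if __name__ == "__main__":
    for snat in (False, True):
        arrived, ok = simulate(snat)
        verdict = "accepted" if ok else "rejected (no matching connection)"
        print(f"snat={snat}: reply arrives from {arrived[0]}:{arrived[1]} -> {verdict}")
```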
