
Re: lvs + nat

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: lvs + nat
From: Siim Põder <windo@xxxxxxxxxxxxxxx>
Date: Fri, 01 Sep 2006 22:54:07 +0300

Yo.

On 01.09.2006 22:26, Viktors Rotanovs wrote:
> I've changed NF_IP_LOCAL_IN to NF_IP_PRE_ROUTING at ip_vs_in_ops in
> ip_vs_core.c, and now it bypasses NAT, but I'm not a kernel hacker and
> I don't know which priority should be set and if it's possible to
> solve the problem that way.

If the LVS grabs a packet, you can't do any NAT on it any more. The
packet is as good as lost for those purposes (currently it seems so, at
least).

However, LVS does its own NAT. Is there a reason why you have to first
let LVS do its own NAT and then have iptables NAT again? Couldn't you
just have the right LVS real servers (with the right ports) in the first
place (using fwmarks, if that source address is important)?

- --
Siim Põder

He had found a Nutri-Matic machine which had provided him with a plastic
cup filled with a liquid that was almost, but not quite, entirely unlike
tea.
        -- Douglas Adams