ipvs and source nat

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: ipvs and source nat
From: Dan McCormick <dan@xxxxxxxxxx>
Date: Sun, 24 Sep 2006 18:29:11 -0400

I'm trying to use ipvs with source NAT and am not having much luck.  In
my case, my real servers can't use the director as the default gateway,
so I'd like the director to rewrite packets to the real servers with the
director's local IP as the source address.  Near as I can figure, the
real servers will then respond directly back to the director on the
local network, without needing the director as their default gateway.

I've installed the ipvs_nfct kernel patch, and echo'ed 1
to /proc/sys/net/ipv4/ip_forward, /proc/sys/net/ipv4/vs/conntrack,
and /proc/sys/net/ipv4/vs/snat_reroute.

I have a basic LVS set up:

CIP ==> VIP (Director) ==> RIP

ipvsadm -L -n looks like:

Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  $VIP:80 wrr
  -> $RIP:80                         Masq    30     0          0

(The ultimate goal is to have multiple RIPs, thus the need for LVS.)

Then I try a source NAT:

iptables -A POSTROUTING -t nat -j SNAT --to $DIRECTOR_LOCAL_IP -o eth0

(where eth0 is the local network interface)

However, using tcpdump on the real server, all the packets appear to be
from the CIP, not the director's local IP.

Are there any good resources describing the interaction of ipvs and
iptables?  I haven't been able to find any.

If anyone has any suggestions, please let me know.
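As an added example (not from the post or the LVS project), a small POSIX shell helper that checks the three sysctls the post enables and prints the ipvsadm/iptables commands for the described Masq-plus-SNAT setup. The directory argument to the check, and the VIP, RIP, local IP and interface values, are placeholders so it can be exercised against a copied /proc tree.

```shell
#!/bin/sh
# Added example, not part of the original post.

# Returns 0 if every sysctl named in the post reads "1"; otherwise prints
# the ones that are absent or disabled and returns 1. The optional first
# argument is a root directory (default: the live system) so the check can
# be run against a copy of /proc for testing.
check_lvs_snat_sysctls() {
    proc_root="${1:-}"
    missing=0
    for key in net/ipv4/ip_forward net/ipv4/vs/conntrack net/ipv4/vs/snat_reroute; do
        f="${proc_root}/proc/sys/$key"
        if [ ! -r "$f" ]; then
            echo "absent: $key (ipvs_nfct patch or ip_vs module not loaded?)"
            missing=1
        elif [ "$(cat "$f")" != "1" ]; then
            echo "not enabled: $key = $(cat "$f")"
            missing=1
        fi
    done
    return $missing
}

# Prints (does not run) the commands for one NAT-mode service whose traffic
# to the real server is rewritten to the director's local address, so the
# result can be reviewed before it touches a live director.
# Arguments: VIP RIP DIRECTOR_LOCAL_IP INTERFACE
lvs_snat_commands() {
    vip="$1"; rip="$2"; local_ip="$3"; iface="$4"
    printf 'ipvsadm -A -t %s:80 -s wrr\n' "$vip"
    # -m selects masquerading (the "Masq" forward method in ipvsadm -L -n)
    printf 'ipvsadm -a -t %s:80 -r %s:80 -m -w 30\n' "$vip" "$rip"
    # -o and -d confine the SNAT to packets leaving towards the real server
    printf 'iptables -t nat -A POSTROUTING -o %s -d %s -j SNAT --to-source %s\n' \
        "$iface" "$rip" "$local_ip"
}
```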
