Re: ipvs and source nat

To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: ipvs and source nat
From: Siim Põder <windo@xxxxxxxxxxxxxxx>
Date: Mon, 25 Sep 2006 08:26:39 +0300

Dan McCormick wrote:
> In this case, suppose we have a CIP of that hits DIP #2; the
>  packet gets DNAT'ed by ipvs to RIP  Does the iptables 
> POSTROUTING chain (where you'd normally apply an SNAT) get applied to
>  the packet at that point?  I assumed it would, so I tried:

No. I had the same problem a couple of weeks ago and everything
indicated that the packets go straight to OUTPUT in filter (with or
without the nfct patches).

If you really wanted to make this work as it is, you could propably try
to set up source routing on the real servers. Configure another IP
address for each of the eight RS and use one set for one director and
the other set for the other director. Then apply source routing through
the appropriate director. Apache virtual hosts (if my assumptions hold)
are likely to need reconfiguration.

Siim Põder

