On Fri, 23 Feb 2007, Nicklas Bondesson wrote:
> I have sucessfully built the kernel with your original patch (using the old
> Dependent connection tracking way). I am however still unable to SNAT
> traffic leaving the box. I'm runnng the director and firewall on the same
> This is enabled:
> enable the NFCT support at run time:
> echo 1 > /proc/sys/net/ipv4/vs/conntrack
> enable the SNAT rerouting for IPVS traffic (optional, useful for
> source based routing, in fact, not related to this NFCT support)
This rerouting is only for IPVS packets
> echo 1 > /proc/sys/net/ipv4/vs/snat_reroute
Can you clarify how the following rule is related to IPVS?
> And this is how I do SNAT: iptables -t nat -A POSTROUTING -o eth0 -j SNAT
> --to-source 220.127.116.11
> Any suggestions?
Is the SNAT rule working without NFCT patch?
Julian Anastasov <ja@xxxxxx>