Re: SNAT Confusion

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: SNAT Confusion
From: Janusz Krzysztofik <jkrzyszt@xxxxxxxxxxxx>
Date: Fri, 16 Mar 2007 12:19:45 +0100
Rodre Ghorashi-Zadeh wrote:
> I am totally confused about the whole SNAT, snat_reroute, NFCT, etc. I have downloaded Julian's NFCT patch for my kernel (centos 4.4 2.6.9-42.0.10.ELsmp), patched/built/installed the kernel, echoed 1 > /proc/sys/net/ipv4/vs/conntrack and snat_reroute, wrote an iptables rule that looks like this: iptables -t nat -A POSTROUTING -p tcp -s $MYIP -d $RIP --dport $SOMEPORT -j SNAT --to-source $DEFAULTGATE, sent the appropriate traffic that should get caught and manipulated by the previous rule, experienced no results ...

Exactly as I was before. Then I reread all of Julian's writings on this matter and understood that by SNAT he meant changing the RIP source address back to the VIP on packets traversing the LVS-NAT director back to clients (OUT direction).

> ... does the patch provided by Janusz Krzysztofik at http://www.icnet.pl/download/ip_vs_dr-conntrack.patch allow you to at least do an iptables style SNAT to LVS-DR type packets?

Yes, exactly, and not only SNAT, but full conntrack as well. But please remember, this is my own solution, not supported by the LVS people in any way, and not yet commented on by them, so it may stop working for future versions of IPVS.

Julian, Joe, Horms, maybe others, could you please share your opinions on this matter?

Thanks,
Janusz
