
RE: SNAT / Masquerading problems using LVS-NAT

To: "Rudd, Michael" <Michael.Rudd@xxxxxxxxxxx>
Subject: RE: SNAT / Masquerading problems using LVS-NAT
Cc: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Julian Anastasov <ja@xxxxxx>
Date: Thu, 19 Apr 2007 02:06:47 +0300 (EEST)
        Hello,

On Wed, 18 Apr 2007, Rudd, Michael wrote:

> So I send my DNS query to my VIP on my directors. It gets routed to a
> realserver which I've attached the vip to bond1.201:0. According to
> others I've talked to I shouldn't need an iptables rule but I still
> don't see the packet out with the source ip address of the VIP. I see
> the packet with the source IP of the actual realserver. It's possible it
> is a routing issue though so I plan on digging deeper on that today. 

        For LVS-DR, the reply should be generated in the real server with
src=VIP. If you ask the question for LVS-NAT, then with OPS you will need the
iptables SNAT rule because IPVS does not recognize replies. But I have
never tested such a setup. Without OPS you don't need an iptables SNAT rule;
IPVS translates the source address.

> Should I need an iptables rule at all for LVS-DR? 

        No, the reply goes directly from the real server to the client.

Regards

--
Julian Anastasov <ja@xxxxxx>
