
Re: [lvs-users] Load balancing outgoing traffic

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Load balancing outgoing traffic
From: Eric Spiteri <eric.spiteri@xxxxxx>
Date: Tue, 05 Feb 2008 17:14:54 +0100
Perhaps you can use the iptables nth filter to apply the right SNAT.

Best regards

Greg wrote:

Joseph Mack NA3T wrote:
nice ascii diagram :-)

Not sure what you're doing yet. I take it that your clients are out on the internet. Are the 1.1.2.x machines routers? Why are you SNAT'ing on the outside of the director? Why do you want to fiddle with the routing of outgoing packets - are the routing tables not doing what you want?

I want to do the stuff that LVS does:
internet client ---> LB server with LVS ---> round-robin internal server NATed

but in reverse order:

internal server ---> LB server with round-robin SNAT ip ---> internet server

lartc is not able to do this job, lartc is simply routing traffic, so internal server A will always use route A, and not round-robin around routes A,B,C,D ...


iptables was able to do that with SNAT, but with kernels up to 2.6.10:

  SNAT
      This target is only valid in the nat table, in the POSTROUTING chain.  It specifies that the source address of the packet should be modified (and all future packets in this connection will also be mangled), and rules should cease being examined.  It takes one type of option:

      --to-source  ipaddr[-ipaddr][:port-port]
             which can specify a single new source IP address, an inclusive range of IP addresses, and optionally, a port range (which is only valid if the rule also specifies -p tcp or -p udp).  If no port range is specified, then source ports below 512 will be mapped to other ports below 512: those between 512 and 1023 inclusive will be mapped to ports below 1024, and other ports will be mapped to 1024 or above. Where possible, no port alteration will

             In Kernels up to 2.6.10, you can add several --to-source options.  For those kernels, if you specify more than one source address, either via an address range or multiple --to-source options, a simple round-robin (one after another in cycle) takes place between these addresses.  Later Kernels (>= 2.6.11-rc1) don’t have the ability to NAT to multiple ranges anymore.

      --random
             If option --random is used then port mapping will be randomized (kernel >= 2.6.21).
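
One way to write the nth-based SNAT suggested in the reply above, as an added example that is not part of the original thread. It uses the `statistic` match in `nth` mode from current iptables; the function name, the interface `eth0` and the 203.0.113.x addresses are assumptions, and the script only prints the rules.

```shell
#!/bin/sh
# Added example: print iptables rules that round-robin SNAT over several
# source addresses with "-m statistic --mode nth". Nothing is applied here;
# review the output, then run it as root on the director.
#
# Each rule keeps its own counter, and a rule only sees what earlier rules
# did not match. With N addresses the first rule takes 1 in N, the second
# 1 in N-1 of the remainder, and the last rule takes whatever is left, so
# every address gets an equal share. The nat table is consulted once per
# connection, so the counters count new connections, not packets.

gen_snat_rr() {
    iface=$1
    [ $# -ge 2 ] || { echo "usage: gen_snat_rr IFACE IP [IP...]" >&2; return 1; }
    shift

    # Validate everything before printing anything, so a bad argument
    # never produces a half-written rule set.
    case $iface in
        *[!A-Za-z0-9._-]*|"") echo "bad interface: $iface" >&2; return 1 ;;
    esac
    for ip in "$@"; do
        case $ip in
            *[!0-9.]*|"") echo "bad address: $ip" >&2; return 1 ;;
        esac
    done

    n=$#
    for ip in "$@"; do
        if [ "$n" -gt 1 ]; then
            match="-m statistic --mode nth --every $n --packet 0 "
        else
            match=""    # last address: unconditional catch-all
        fi
        echo "iptables -t nat -A POSTROUTING -o $iface ${match}-j SNAT --to-source $ip"
        n=$((n - 1))
    done
}

# Constructed sample: three outgoing addresses on eth0 (documentation range).
gen_snat_rr eth0 203.0.113.10 203.0.113.11 203.0.113.12
```

Existing connections keep the address they were first given, because the mapping is stored in conntrack.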




