
Re: [lvs-users] Does "NAT" lvs use NAT?

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Does "NAT" lvs use NAT?
From: "David Dyer-Bennet" <dd-b@xxxxxxxx>
Date: Fri, 5 Sep 2008 12:37:36 -0500 (CDT)

On Fri, September 5, 2008 12:01, Julius Volz wrote:
> On Fri, Sep 5, 2008 at 6:01 PM, David Dyer-Bennet <dd-b@xxxxxxxx> wrote:

>> Documentation note:  I've been reading "NAT" as referring to the other
>> Linux network service in netfilter, rather than as a more generic use of
>> the term.  I'd suggest making this a bit clearer in the documentation --
>> that LVS NAT does NOT use the normal Linux NAT that people have mostly
>> at least heard of.
>
> Might be a good idea (don't know who can do this, though)...

Maybe I'll understand things well enough when I get this working to deal
with it.  I'm actually a pretty decent technical writer for a software
engineer.  I've thought enough grouchy things about the documentation this
last month that it makes sense for me to try to get written some of the
things I've wished existed along the way.

>> Does it conflict with setting up regular NAT to support outbound
>> connections originating from the realservers (such as to a database)?
>> Does it block routing to external addresses other than through the NAT
>> entries?  And where can I see those entries (I don't see any way to list
>> them with ipvsadm which is the only tool I know to talk to ip_vs).
>
> It shouldn't interfere much with non-IPVS things (others, correct me
> if I'm wrong). If IPVS doesn't recognize a packet as belonging to an
> IPVS connection/service, the packet is just processed as normal.

Tried it.  Seems to work like a charm; I can now ping and ssh out from the
realservers, and incoming requests to the service address still get routed
through correctly.

If anybody knows some reason this is a bad idea do please mention it
sooner rather than later though :-) !

(Specifically, I did
"iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE"
on the LVS host; eth0 connects to the corporate LAN, eth1 goes
to the private LVS LAN.)

-- 
David Dyer-Bennet, dd-b@xxxxxxxx; http://dd-b.net/
Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/
Photos: http://dd-b.net/photography/gallery/
Dragaera: http://dragaera.info


