On Wed, September 17, 2008 12:22, Josh Mullis wrote:
> I actually expected to see some different rules than what I have.
> Not sure what I need to add.
> Here are my current tables.
> (Spaces replaced with -'s for formatting)
> iptables -L

Try iptables-save to see *all* the tables (in an incompatible format).

I'm still struggling with my own setup (with similar goals and
constraints, xen + lvs NAT), but once I got packets directed in, they came
back out okay.

The default route on each of the realserver "systems" (quotes to remind us
that they may be xen guests not physical systems) needs to be set to the
private net virtual IP of the LVS system -- I've deleted enough reading up
to here that I can't now go back and check if you have that set right.

And the LVS NAT works *only* for packets routed in by the LVS; the
realservers can't initiate outgoing connections beyond the private LAN
(unless you turn on ordinary NAT on the LVS, which is not the same thing
as LVS NAT).

David Dyer-Bennet, dd-b@xxxxxxxx;
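
Added example, not part of the original message: a shell sketch that reads an `iptables-save` dump, counts the rules in each table (plain `iptables -L` lists only the filter table), and checks whether the nat table source-NATs the realserver subnet, which is the "ordinary NAT" mentioned above. The dump, the subnet 192.168.10.0/24, the interface name and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output on an LVS director (not from the thread).
SAMPLE_DUMP='# Generated by iptables-save
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j MARK --set-mark 1
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 192.168.10.0/24 -j ACCEPT
COMMIT'

# Print "table rule_count" for every table found in the dump on stdin.
table_rule_counts() {
  awk '/^\*/  { t = substr($0, 2); n[t] = 0; order[++k] = t }
       /^-A / { n[t]++ }
       END    { for (i = 1; i <= k; i++) print order[i], n[order[i]] }'
}

# Succeed if the nat table has a POSTROUTING SNAT/MASQUERADE rule for subnet $1.
has_outbound_nat() {
  awk -v net="$1" '
    /^\*/ { t = substr($0, 2) }
    t == "nat" && /^-A POSTROUTING / && /-j (MASQUERADE|SNAT)/ {
      for (i = 1; i < NF; i++) if ($i == "-s" && $(i + 1) == net) found = 1
    }
    END { exit !found }'
}

# Stand-alone run on the constructed dump; on a real director use:
#   iptables-save | table_rule_counts
printf '%s\n' "$SAMPLE_DUMP" | table_rule_counts
if printf '%s\n' "$SAMPLE_DUMP" | has_outbound_nat 192.168.10.0/24; then
  echo "nat table source-NATs 192.168.10.0/24: realservers can open outbound connections"
else
  echo "no source NAT for 192.168.10.0/24: only LVS-routed traffic will get replies out"
fi
```

The IPVS virtual-service table that performs LVS NAT is not part of any iptables table; it is listed with `ipvsadm -L -n`.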

