[lvs-users] LVS-NAT and real servers accessing the public networks

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: [lvs-users] LVS-NAT and real servers accessing the public networks
From: devnull <devnull@xxxxxxxxxxxxxxxxx>
Date: Thu, 17 Dec 2009 15:51:24 -0700

I have a working LVS-NAT setup, in that clients are able to access services
on the VIPs. But my real servers (rs) are unable to ping/mail/http/access
anything outside the NAT.

I've been getting mixed information from reading around. I've read on:

"Once the network interfaces are up on the real servers, the machines will be
unable to ping or connect in other ways to the public network. This is
normal. You will, however, be able to ping the real IP for the LVS router's
private interface, in this case"

Yet I've read on:
5.9. Julian's step-by-step check of a L4 LVS-NAT setup:
Q.1 Can the realserver ping client?

rs# ping -n client
A.1 Yes => good
A.2 No => bad

Some settings for the director:
Linux 2.4:
iptables -t nat -A POSTROUTING -s RIP -j MASQUERADE

Adding that POSTROUTING rule in iptables allows the RS to now ping the
public internet (install updates, send mail, etc.). But then the VIP becomes
inaccessible and the LVS no longer works. Am I not on the right track here?
Here is a link to a diagram of my network layout.

