Re: [lvs-users] LVS Source NAT question: address pool?

To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] LVS Source NAT question: address pool?
From: Patrick Schaaf <netdev@xxxxxx>
Date: Thu, 10 Mar 2011 10:01:37 +0100

On Wed, 2011-03-09 at 15:18 -0800, George B. wrote:
> So, basically, I want to take an incoming packet, destination NAT to the
> desired real server, and source NAT the packet from a pool of IP addresses
> on the LVS to ensure the traffic gets routed back to it.
> Can LVS do that?

The source NAT would be iptables' job. Sidestepping the question of
iptables SNAT working with LVS connections, which is a general topic by
itself, such "address pooling" can be done by making several iptables
rules in the nat POSTROUTING chain, each of them matching by some
criteria a subset of all traffic.

I use both of the following schemes, in an outbound (non-LVS) scenario,
the first one where I want a real source to always be represented by a
fixed specific changed source address, the second one where I want even
a single source to use several outgoing source addresses randomly, per

By source IP address, four-way, looking at the last two bits of the real

-A POSTROUTING -s -j SNAT --to-source
-A POSTROUTING -s -j SNAT --to-source
-A POSTROUTING -s -j SNAT --to-source
-A POSTROUTING -s -j SNAT --to-source

By IP Id, eight way

-A POSTROUTING -m u32 --u32 0x2&7=0x0 -j SNAT --to-source
-A POSTROUTING -m u32 --u32 0x2&7=0x1 -j SNAT --to-source
-A POSTROUTING -m u32 --u32 0x2&7=0x2 -j SNAT --to-source
-A POSTROUTING -m u32 --u32 0x2&7=0x3 -j SNAT --to-source
-A POSTROUTING -m u32 --u32 0x2&7=0x4 -j SNAT --to-source
-A POSTROUTING -m u32 --u32 0x2&7=0x5 -j SNAT --to-source
-A POSTROUTING -m u32 --u32 0x2&7=0x6 -j SNAT --to-source
-A POSTROUTING -m u32 --u32 0x2&7=0x7 -j SNAT --to-source

hope this helps
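
The eight-way IP Id split above, worked through as an added example that is not part of the original message: it evaluates the `0x2&7` u32 test against a constructed IPv4 header and shows which rule, and so which pool address, a packet selects. The pool addresses (RFC 5737 documentation range), the sample headers and all function names are assumptions made for illustration.

```python
import socket
import struct

# Constructed pool (RFC 5737 documentation addresses), not values from the post.
POOL = [f"192.0.2.{10 + i}" for i in range(8)]

def u32_read(packet: bytes, offset: int) -> int:
    """What the u32 match reads at `offset`: 4 bytes in network byte order."""
    if offset < 0 or offset + 4 > len(packet):
        raise ValueError("u32 read outside packet")
    return struct.unpack_from("!I", packet, offset)[0]

def pool_mask(ways: int) -> int:
    """A bit mask only splits traffic evenly for power-of-two pool sizes."""
    if ways < 1 or ways & (ways - 1):
        raise ValueError("pool size must be a power of two")
    return ways - 1

def ip_id_bucket(packet: bytes, ways: int = 8) -> int:
    """Evaluate `0x2&(ways-1)`. Bytes 2-5 of the IPv4 header are total length
    followed by the IP ID, so the mask keeps the low bits of the IP ID."""
    return u32_read(packet, 2) & pool_mask(ways)

def snat_rules(pool):
    """One nat POSTROUTING line per pool address, in the post's rule shape."""
    mask = pool_mask(len(pool))
    return [f"-A POSTROUTING -m u32 --u32 0x2&{mask}=0x{i:x} -j SNAT --to-source {a}"
            for i, a in enumerate(pool)]

def select_source(packet: bytes, pool=POOL) -> str:
    """Pool address whose rule would match this packet."""
    return pool[ip_id_bucket(packet, len(pool))]

def ipv4_header(ip_id: int, src: str, dst: str, total_len: int = 40) -> bytes:
    """Constructed 20-byte IPv4 header; checksum left at 0 (unused here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ip_id, 0x4000, 64, 6,
                       0, socket.inet_aton(src), socket.inet_aton(dst))

if __name__ == "__main__":
    print("\n".join(snat_rules(POOL)))
    for ip_id in (0x1234, 0x1235, 0xFFFF):
        pkt = ipv4_header(ip_id, "198.51.100.7", "203.0.113.9")
        print(f"IP ID {ip_id:#06x} -> {select_source(pkt)}")
```

Rules in the nat table are consulted only for the first packet of a tracked connection, so the address chosen from that packet's IP ID stays in effect for the rest of the connection.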
