Yes, David is right it is working as expected Full-NAT i.e. source IP
If you want the real servers/backend servers to have Internet access
as well then you will need an iptables masquerade rule or something
similar for the outgoing traffic.
LVS Half-Nat or SNAT is in mainline kernel, the old way of patching is
But to be honest if you want SNAT/proxy you'd be better off using
HAProxy which is well tested for that purpose...
On 26 July 2012 18:23, David Coulson <david@xxxxxxxxxxxxxxxx> wrote:
> On 7/26/12 12:40 PM, Liu, William wrote:
> > Hi,
> > I am a problem with LVS NAT configuration where the packets do not look
> > like they are being masqueraded by LVS. Here's my setup:
> > LVS server has 3 interfaces: primary, nat_router, virtual IP
> > 184.108.40.206 -primary
> > 172.25.117.4 - nat router
> > 172.25.117.5 - virtual IP, port 80
> > |---- 172.28.12.56 (Real server)
> > A client (172.25.111.8) connects to 172.25.117.5 on port 80 never gets a
> > response back. What I see on Real sever (172.28.12.56) on tcpdump is :
> > 16:35:08.103968 IP 172.25.111.8.34271 > 172.28.12.56.http: S
> > 1718115488:1718115488(0) win 5840 <mss 1460,sackOK,timestamp 500867550
> > 0,nop,wscale 7>
> > This shows source IP of the client and NOT from LVS. I presume in NAT
> > mode, the source IP should be of the "nat router?" From my understanding
> > LVS should have done the header masquerading? I shouldn't have to use
> > IPtables? Please let me know what I have to do for this function to work?
> There is a SNAT patch for LVS out on the Internet somewhere, but it is
> not supported by RedHat. With RHEL, none of the three (DR,NAT, TUN)
> mechanisms modify the source IP of the packets.
> If you use LVS-NAT, you need to make sure the real server routes the
> packet back through the LVS director so the 'un-NAT' can happen
> correctly before the request goes back to the client.
> Please read the documentation before posting - it's available at:
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Phone: +44 (0)870 443 8779
Please read the documentation before posting - it's available at:
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users