Hello,
Stefan Bauer wrote:
: according to latest stable kernel and
:
: net/netfilter/ipvs/ip_vs_conn.c
[...]
: there is still no support for Full-NAT in Kernel right? Or is this something
: I have to do in userland?

What do you mean by Full-NAT? Is it similar to what you get when
you use a user-space reverse proxy? I was looking for this a month
ago - my real servers are on a different network than my IPVS redirector
and run a non-Linux OS, so things like tunnelling are hard to do there.

I have discovered that using IPVS with masq method and rewriting
the source address in iptables did exactly what I wanted. I use the
following configuration:

for ldirectord:

    virtual=virtualip:srvport
        real=realserver1:srvport masq 100
        real=realserver2:srvport masq 100
        [... scheduler and other parameters omitted for brevity ...]

for iptables:

    iptables -t nat -A POSTROUTING -d realserver1 \
        -p tcp --dport srvport -j MASQUERADE
    iptables -t nat -A POSTROUTING -d realserver2 \
        -p tcp --dport srvport -j MASQUERADE

Is this what you are looking for?

-Yenya
--
| Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net - private}> |
| New GPG 4096R/A45477D5 - see http://www.fi.muni.cz/~kas/pgp-rollover.txt |
| http://www.fi.muni.cz/~kas/ Journal: http://www.fi.muni.cz/~kas/blog/ |
Please don't top post and in particular don't attach entire digests to your
mail or we'll all soon be using bittorrent to read the list. --Alan Cox
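
Added illustration, not part of the original message and not LVS code: a small Python model of the two rewrites described in the mail above (IPVS masq changes the destination, the POSTROUTING MASQUERADE rule changes the source) and of how the reply is mapped back. All addresses, the port range and the round-robin choice are constructed assumptions.

```python
# Added illustration: models address rewriting only, not real kernel code.
# All addresses are constructed (RFC 5737 documentation ranges).
from itertools import count

VIP, DIP = "192.0.2.10", "192.0.2.1"          # virtual IP, director's outgoing IP
REAL_SERVERS = ["198.51.100.21", "198.51.100.22"]  # on a different network

class Director:
    def __init__(self):
        self.rr = count()              # round-robin stand-in for the scheduler
        self.ports = count(40000)      # source ports handed out by MASQUERADE
        self.by_client = {}            # (client ip, port) -> (real server, nat port)
        self.by_reply = {}             # (real server, nat port) -> (client ip, port)

    def forward(self, pkt):
        """Client -> VIP packet: returns what the real server receives."""
        src, sport, dst, dport = pkt
        if dst != VIP:
            raise ValueError("not addressed to the virtual service")
        key = (src, sport)
        if key not in self.by_client:  # new connection: pick server and NAT port
            rip = REAL_SERVERS[next(self.rr) % len(REAL_SERVERS)]
            nat_port = next(self.ports)
            self.by_client[key] = (rip, nat_port)
            self.by_reply[(rip, nat_port)] = key
        rip, nat_port = self.by_client[key]
        # masq rewrote the destination; MASQUERADE rewrote the source.
        return (DIP, nat_port, rip, dport)

    def reply(self, pkt):
        """Real server -> director packet: returns what the client receives."""
        src, sport, dst, dport = pkt
        client = self.by_reply.get((src, dport)) if dst == DIP else None
        if client is None:
            raise LookupError("no matching connection, packet dropped")
        return (VIP, sport, client[0], client[1])  # both rewrites undone

def server_answer(pkt):
    """A real server swaps source and destination of what it received."""
    src, sport, dst, dport = pkt
    return (dst, dport, src, sport)

if __name__ == "__main__":
    d = Director()
    seen = d.forward(("203.0.113.77", 51000, VIP, 80))
    print("real server sees:", seen)
    print("client receives: ", d.reply(server_answer(seen)))
```

Because the real server only ever sees the director's address as the source, it can answer without any route back to the client, but its access logs and address-based ACLs no longer see the client's own address.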