Re: [lvs-users] full-nat support in mainline kernel?

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] full-nat support in mainline kernel?
From: ROHAUT Sébastien (EXT GFI) <ext.gfi.sebastien.rohaut@xxxxxxx>
Date: Fri, 1 Feb 2013 10:56:25 +0100
Hi,

I think he's talking about IPVS FULLNAT from this link:

http://kb.linuxvirtualserver.org/wiki/IPVS_FULLNAT_and_SYNPROXY 

Sébastien ROHAUT

-----Original Message-----

        Hello,

Stefan Bauer wrote:
: according to latest stable kernel and
: 
: net/netfilter/ipvs/ip_vs_conn.c
[...]
: there is still no support for Full-NAT in Kernel right? Or is this something
: I have to do in userland?

        What do you mean by Full-NAT? Is it similar to what you get when you 
use a user-space reverse proxy? I was looking for this a month ago - my 
real servers are on a different network than my IPVS redirector and run a 
non-Linux OS, so things like tunnelling are hard to do there.

        I have discovered that using IPVS with masq method and rewriting the 
source address in iptables did exactly what I wanted. I use the following 
configuration:

for ldirectord:

virtual=virtualip:srvport
        real=realserver1:srvport masq 100
        real=realserver2:srvport masq 100
        [... scheduler and other parameters omitted for brevity ...]

for iptables:

iptables -t nat -A POSTROUTING -d realserver1 \
        -p tcp --dport srvport -j MASQUERADE
iptables -t nat -A POSTROUTING -d realserver2 \
        -p tcp --dport srvport -j MASQUERADE

Is this what you are looking for?

-Yenya

-- 
| Jan "Yenya" Kasprzak  <kas at {fi.muni.cz - work | yenya.net - private}> |
| New GPG 4096R/A45477D5 - see http://www.fi.muni.cz/~kas/pgp-rollover.txt |
| http://www.fi.muni.cz/~kas/    Journal: http://www.fi.muni.cz/~kas/blog/ |
Please don't top post and in particular don't attach entire digests to your
mail or we'll all soon be using bittorrent to read the list.     --Alan Cox

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
-------
This message and any attachments are intended solely for the addressees and are 
confidential. SNCF may not be held responsible for their contents whose 
accuracy and completeness cannot be guaranteed over the Internet. Unauthorized 
use, disclosure, distribution, copying, or any part thereof is strictly 
prohibited. If you are not the intended recipient of this message, please 
notify the sender immediately and delete it. 
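
Added example, not part of the thread or of LVS: a toy Python model of the address rewriting performed by the masq-plus-MASQUERADE configuration quoted above, showing why the reply returns through the director and that the real server then sees the director's address rather than the client's. All addresses and the names `Director`, `round_trip` and `client_accepts` are constructed for illustration; the model keeps the source port unchanged, which is a simplification.

```python
# Added illustration (not from the original post): toy model of the address
# rewriting; every address below is constructed from documentation ranges.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int

CLIENT, VIP, DIRECTOR_OUT, REAL, PORT = (
    "198.51.100.7", "192.0.2.10", "10.0.0.1", "10.9.9.5", 80)

class Director:
    def __init__(self, snat):
        self.snat = snat   # True = the POSTROUTING MASQUERADE rules are present
        self.conns = {}    # reply 4-tuple seen by the director -> client packet

    def forward(self, p):
        out = replace(p, dst=REAL)                # IPVS masq: rewrite destination
        if self.snat:
            out = replace(out, src=DIRECTOR_OUT)  # MASQUERADE: rewrite source
        self.conns[(out.dst, out.dport, out.src, out.sport)] = p
        return out

    def reverse(self, r):
        orig = self.conns[(r.src, r.sport, r.dst, r.dport)]
        return Pkt(orig.dst, orig.dport, orig.src, orig.sport)  # undo rewrites

def round_trip(snat, real_routes_via_director=False):
    """Return (source the real server saw, reply as the client receives it)."""
    d = Director(snat)
    seen = d.forward(Pkt(CLIENT, 40000, VIP, PORT))
    reply = Pkt(seen.dst, seen.dport, seen.src, seen.sport)  # real server answers
    # The reply only crosses the director if it is addressed to the director
    # or the director happens to be the real server's gateway.
    if reply.dst == DIRECTOR_OUT or real_routes_via_director:
        reply = d.reverse(reply)
    return seen.src, reply

def client_accepts(reply):
    return (reply.src, reply.sport) == (VIP, PORT)  # must come from the VIP

if __name__ == "__main__":
    for snat, gw in [(False, False), (False, True), (True, False)]:
        seen_src, reply = round_trip(snat, gw)
        print(f"snat={snat} gw={gw} real_sees={seen_src} ok={client_accepts(reply)}")
```

With the source rewrite in place, the real server's access logs record the director's address for every connection, so client attribution has to come from the director or from the application layer.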

