Re: [PATCH] Runtime interception method switch

To: LVS Devel <lvs-devel@xxxxxxxxxxxxxxx>
Subject: Re: [PATCH] Runtime interception method switch
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Sun, 13 Jan 2008 09:59:26 -0800 (PST)
On Sun, 13 Jan 2008, Raphael Vallazza wrote:

3. PREROUTING Intercept incoming connections before DNAT and input filtering has been applied, this enables transparent proxying on realnodes and localnode.


What's the best way of implementing F5-SNAT? All packets must arrive at the realservers with src_addr=DIP. Where should ipvs be hooked and where should the iptables rules be to NAT the packets?

client: CIP->VIP:80

ipvs on LVS-NAT director: CIP->RIP:80

iptables rules on director (in POSTROUTING?) DIP->RIP:80

realserver: RIP:80->DIP

iptables rules on director RIP:80->CIP

ipvs on LVS-NAT director: VIP:80->CIP

client: gets packet VIP:80->CIP

Thanks Joe
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at
Homepage It's GNU/Linux!
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at

<Prev in Thread] Current Thread [Next in Thread>