Re: [lvs-users] internal network behind direct routing instead of nat.

To: Horms <horms@xxxxxxxxxxxx>
Subject: Re: [lvs-users] internal network behind direct routing instead of nat.
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: tc lewis <tim@xxxxxxxxxx>
Date: Thu, 20 Jan 2000 12:49:24 -0500 (EST)
er, s/199.168/192.168/g.
i meant to signify an unroutable/internal network.
but you get the idea.

-tcl.


On Thu, 20 Jan 2000, tc lewis wrote:

> 
> 
> On Thu, 20 Jan 2000, Horms wrote:
> 
> > On Thu, Jan 20, 2000 at 10:51:42AM -0500, tc lewis wrote:
> > > director:      199.199.199.2 (eth0?) and 199.168.199.4 (eth1?) (shrug)
> > > vip:           199.199.199.3
> > > real server 1: 199.168.199.2 (whatever)
> > > real server 2: 199.168.199.3 (whatever)
> > > subnetting:    normal class C, /24 block, netmask 255.255.255.0 (for both 
> > > networks)
> > > router:        199.199.199.1, no special firewall action going on, etc.
> > > internal network's gateway: 199.168.199.1 (ethX?) and 199.199.199.4 
> > > (ethY?) (shrug)
> > > 
> > > the director would be setup with ipvsadm -g commands for direct routing,
> > > and the gateway on the real servers would be configured as that "internal
> > > network's gateway", 199.168.199.1, which would presumably be setup as a
> > > [linux] machine to forward packets from 199.168.199/24 back out to the
> > > real world (via masquerading?).
> > > 
> > > would this work?  what kind of problems would be involved?  any thoughts
> > > on the matter or suggestions would be greatly appreciated, as always.
> > 
> > The problem is that with Direct routing the reply from the real
> > server has the vip as the source address. As this is an address
> > of one of the interfaces on the director it will drop it if you
> > try and forward it through the director. It appears from
> > experimentation this week with /proc/sys/net/ipv4/conf/*/rp_filter
> > that at least on 2.2.14, there is no way to turn this behaviour
> > off.
> 
> 
> ok, that makes sense, but what if i'm not forwarding through the
> director--i'd be forwarding through a separate machine altogether, without
> interfaces that match the ip of the vip.  perhaps ipchains masquerading
> rules would need to be made to accept/allow masquerading (would one even
> need masquerading, or just forwarding?) from the vip as well as/instead of
> the ips of the real servers?
> 
> -tcl.
> 
> 


----------------------------------------------------------------------
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe, e-mail: lvs-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxx
For additional commands, e-mail: lvs-users-help@xxxxxxxxxxxxxxxxxxxxxx
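The thread turns on how the kernel's reverse-path check treats a DR reply whose source is the VIP, first on the director and then on a separate internal gateway. The following is an added model of that check (illustration only, not code from the thread or from LVS) using the addresses from the post with the s/199.168/192.168/ correction applied: director 199.199.199.2 on eth0 plus the VIP 199.199.199.3, and 192.168.199.4 on eth1; internal gateway 192.168.199.1 on ethX and 199.199.199.4 on ethY. The interface names, the VIP being bound on the director's outside interface, and the gateway's default route out of ethY are assumptions.

```python
"""Model of the source-address check Linux applies to incoming packets.

Added illustration, not code from the original thread or from LVS.
Assumed layout (interface names and the gateway's default route are
assumptions): director 199.199.199.2 (eth0) + VIP 199.199.199.3,
192.168.199.4 (eth1); internal gateway 192.168.199.1 (ethX),
199.199.199.4 (ethY).
"""
import ipaddress


class Host:
    """Locally configured addresses plus a routing table."""

    def __init__(self, name):
        self.name = name
        self.local = {}    # address -> interface (the kernel's "local" table)
        self.routes = []   # (network, out interface): connected + static

    def add_addr(self, iface, cidr):
        addr = ipaddress.ip_interface(cidr)
        self.local[addr.ip] = iface
        self.routes.append((addr.network, iface))   # connected route

    def add_route(self, cidr, iface):
        self.routes.append((ipaddress.ip_network(cidr), iface))

    def reverse_path_iface(self, src):
        """Interface a packet *to* src would leave by (longest-prefix match)."""
        src = ipaddress.ip_address(src)
        if src in self.local:
            return "lo"          # a host's own addresses route to loopback
        best = None
        for net, iface in self.routes:
            if src in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, iface)
        return best[1] if best else None

    def accepts_source(self, src, in_iface, rp_filter=1, accept_local=0):
        """Return (accepted, reason) for a packet from src arriving on in_iface.

        A source that is one of this host's own addresses is refused even
        with rp_filter=0 unless accept_local is set (a sysctl that later
        kernels offer; the post reports no such switch on 2.2.14). With
        strict rp_filter the route back to src must leave via in_iface.
        """
        if ipaddress.ip_address(src) in self.local and not accept_local:
            return False, "source is a local address of this host"
        if rp_filter:
            out = self.reverse_path_iface(src)
            if out != in_iface:
                return False, f"reverse path to {src} is via {out}, not {in_iface}"
        return True, "accepted"


VIP = "199.199.199.3"


def build_director():
    d = Host("director")
    d.add_addr("eth0", "199.199.199.2/24")
    d.add_addr("eth0", VIP + "/32")         # VIP bound on the outside interface (assumed)
    d.add_addr("eth1", "192.168.199.4/24")
    d.add_route("0.0.0.0/0", "eth0")        # default via 199.199.199.1
    return d


def build_gateway():
    g = Host("internal gateway")
    g.add_addr("ethX", "192.168.199.1/24")
    g.add_addr("ethY", "199.199.199.4/24")
    g.add_route("0.0.0.0/0", "ethY")        # default via 199.199.199.1 (assumed)
    return g


def reply_from_real_server(host, in_iface, **sysctls):
    """A DR reply leaves the real server with the VIP as its source; check
    whether the forwarding host accepts it on its inside interface."""
    return host.accepts_source(VIP, in_iface, **sysctls)


if __name__ == "__main__":
    d, g = build_director(), build_gateway()
    cases = [
        ("director, rp_filter=1", d, "eth1", {}),
        ("director, rp_filter=0", d, "eth1", {"rp_filter": 0}),
        ("gateway,  rp_filter=1", g, "ethX", {}),
        ("gateway,  rp_filter=0", g, "ethX", {"rp_filter": 0}),
    ]
    for label, host, iface, sysctls in cases:
        ok, why = reply_from_real_server(host, iface, **sysctls)
        print(f"{label:24s} -> {'forward' if ok else 'drop':7s} ({why})")
```

Two things the run shows: on the director the VIP is a local address, so the reply is refused on eth1 whatever rp_filter says, matching the observation in the thread; on the separate gateway the VIP is not local, but its route back to 199.199.199.3 points out ethY, so strict rp_filter on ethX still drops the packet and has to be disabled on that interface for plain forwarding to work. Forwarding leaves the VIP as the source, which is what the client that sent to the VIP expects to see in the reply.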
