Re: doing both NAT and DR, I need help.

To: Jeremy Hansen <jeremy@xxxxxxxxxxxx>
Subject: Re: doing both NAT and DR, I need help.
Cc: Joseph Mack <mack@xxxxxxxxxxx>, lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Julian Anastasov <ja@xxxxxx>
Date: Mon, 25 Sep 2000 22:16:36 +0000 (GMT)

On Fri, 22 Sep 2000, Jeremy Hansen wrote:

> Ok.  Here's a layout of basically how it's set up
>                 internet
>                     |
>        (network providers router)
>                     |
>                 switch
>                   |
> real server 1                 lvs machine             real server 2
> RIP (        RIP (        RIP (
> lo:0 (       VIP (        lo:0 (
> default gw                                default gw
> static arp entry                                      static arp entry
> for the router,                                               for the router,
> real server 3 (which is not to be load balanced)
> RIP (
> The problem is real server 1,2,3 cannot get to the internet which is a
> requirement.  Basically because these machines don't really have a real ip
> address at all, so for them to get out, they need to be NAT'd at some
> point.
> What I thought would be possible is to set up a route or some type of rule
> that says if traffic originates from, instead of using the
> default gw,, go through and be masqueraded, but
> at the same time if traffic originates from elsewhere and gets passed
> from the LVS machine's VIP, then use the default gw and use DR instead.
> So I could masq and use DR for important traffic all at the same time.
> I hope this clears things up.  My original email was pretty misleading.

        No, it was clear.

        Additional settings for your setup:

        Settings for the real server(s):

ip rule add prio 100 from table 100
ip route add table 100 0/0 via dev eth0

        For the director:

        You have to teach your LVS box to
listen on and to stop the ICMP redirects:

ifconfig eth0:1 netmask

echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects

ipchains -A forward -s -j MASQ

        Hope this helps.

> Thanks
> -jeremy


Julian Anastasov <ja@xxxxxx>
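
Added example, not part of the original message: a check that the two send_redirects writes above actually took effect on the director. On current Linux kernels the effective setting is the OR of conf/all and the per-interface value, so both files must read 0; the CONF_ROOT parameter and the sample tree are assumptions made so the check can run without root.

```shell
#!/bin/sh
# Audit the director's ICMP redirect settings (added example).
# A redirect can still be sent unless BOTH conf/all/send_redirects
# and conf/<iface>/send_redirects contain 0.

# redirects_off IFACE [CONF_ROOT]
# Returns 0 when redirects are disabled for IFACE, 1 when still enabled,
# 2 when a sysctl file cannot be read. CONF_ROOT is a hypothetical
# parameter (default: the real /proc path) so a copy can be audited.
redirects_off() {
    iface=$1
    root=${2:-/proc/sys/net/ipv4/conf}
    rc=0
    for scope in all "$iface"; do
        f="$root/$scope/send_redirects"
        if [ ! -r "$f" ]; then
            echo "cannot read $f" >&2
            return 2
        fi
        val=$(cat "$f")
        if [ "$val" != "0" ]; then
            echo "$scope: send_redirects=$val (should be 0)" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample tree: "all" was cleared but eth0 was forgotten,
# which is the half-applied state the check is meant to catch.
make_sample_conf() {
    d=$(mktemp -d)
    mkdir -p "$d/all" "$d/eth0"
    echo 0 > "$d/all/send_redirects"
    echo 1 > "$d/eth0/send_redirects"
    echo "$d"
}
```

On the director itself, `redirects_off eth0` reads the live /proc values.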
