
Re: doing both NAT and DR, I need help.

To: Julian Anastasov <ja@xxxxxx>
Subject: Re: doing both NAT and DR, I need help.
Cc: Joseph Mack <mack@xxxxxxxxxxx>, lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Jeremy Hansen <jeremy@xxxxxxxxxxxx>
Date: Mon, 25 Sep 2000 16:30:14 -0400 (EDT)
On Mon, 25 Sep 2000, Julian Anastasov wrote:

> 
>       Hello,
> 
> On Fri, 22 Sep 2000, Jeremy Hansen wrote:
> 
> > Ok.  Here's a layout of basically how it's set up
> >
> >
> >                              internet
> >                                  |
> >                 64.204.99.1 (network providers router)
> >                                  |
> >                               switch
> >                                  |
> > real server 1            lvs machine              real server 2
> > RIP (10.100.50.247)      RIP (64.204.99.249)      RIP (10.100.50.246)
> > lo:0 (64.204.99.240)     VIP (64.204.99.240)      lo:0 (64.204.99.240)
> > default gw 64.204.99.1                            default gw 64.204.99.1
> > static arp entry                                  static arp entry
> > for the router,                                   for the router,
> > 64.204.99.1                                       64.204.99.1
> >
> > real server 3 (which is not to be load balanced)
> > RIP (10.100.50.245)
> >
> > The problem is real server 1,2,3 cannot get to the internet which is a
> > requirement.  Basically because these machines don't really have a real ip
> > address at all, so for them to get out, they need to be NAT'd at some
> > point.
> >
> > What I thought would be possible is to set up a route or some type of rule
> > that says if traffic originates from 10.100.50.0/24, instead of using the
> > default gw, 64.204.99.1, go through 64.204.99.249 and be masqueraded, but
> > at the same time if traffic originates from elsewhere and gets passed
> > from the LVS machine's VIP, then use the default gw and use DR instead.
> >
> > So I could masq and use DR for important traffic all at the same time.
> >
> > I hope this clears things up.  My original email was pretty misleading.
> 
>       No, it was clear.
> 
>       Additional settings for your setup:
> 
>       Settings for the real server(s):
> 
> ip rule add prio 100 from 10.100.50.0/24 table 100
> ip route add table 100 0/0 via 10.100.50.249 dev eth0
> 
>       For the director:
> 
>       You  have  to teach  your  LVS box  64.204.99.249 to
> listen on 10.100.50.249 and to stop the ICMP redirects:
> 
> ifconfig eth0:1 10.100.50.249 netmask 255.255.255.0
> 
> echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
> echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
> 
> ipchains -A forward -s 10.100.50.0/24 -j MASQ
> 
>       Hope this helps.


Woah, I'm going to try this right now!  Thank You very much.  I'll report
back on successes or failures.

-jeremy

> 
> > Thanks
> > -jeremy
> 
> Regards
> 
> --
> Julian Anastasov <ja@xxxxxx>
> 
> 

eholes.org * jeremy@xxxxxxxxxx
-----------------------------------------
eholes have feelings too...
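
Added example, not part of the original thread: a small Python model of the kernel's policy-rule walk on real server 1, showing why the `ip rule`/`ip route` pair quoted above sends RIP-sourced traffic to the director for masquerading while DR replies sourced from the VIP still leave through the provider's router. The table contents, the destination 198.51.100.7 and the `lookup` helper are constructed for illustration; rule priorities 0 and 32766 are the Linux defaults for the `local` and `main` tables.

```python
import ipaddress

# Constructed routing policy database for real server 1 after the commands
# in the thread: (priority, source selector, table).
RULES = [
    (0, "0.0.0.0/0", "local"),
    (100, "10.100.50.0/24", "100"),   # ip rule add prio 100 from 10.100.50.0/24 table 100
    (32766, "0.0.0.0/0", "main"),
]

# table -> [(destination prefix, next hop)]; None means local or on-link.
TABLES = {
    "local": [("10.100.50.247/32", None), ("64.204.99.240/32", None)],
    "100": [("0.0.0.0/0", "10.100.50.249")],   # ip route add table 100 0/0 via 10.100.50.249
    "main": [("10.100.50.0/24", None), ("0.0.0.0/0", "64.204.99.1")],
}


def lookup(src, dst):
    """Walk the rules in priority order; return (table, next_hop) of the first hit."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(RULES):
        if s not in ipaddress.ip_network(selector):
            continue  # rule does not select this source address
        # Longest-prefix match inside the selected table.
        hits = [(ipaddress.ip_network(p), hop) for p, hop in TABLES[table]
                if d in ipaddress.ip_network(p)]
        if hits:
            _net, hop = max(hits, key=lambda h: h[0].prefixlen)
            return table, hop
        # No route in this table: fall through to the next rule.
    return None, None


if __name__ == "__main__":
    client = "198.51.100.7"  # constructed Internet host (documentation range)
    # Connection opened by the real server itself: source is the RIP,
    # so rule 100 applies and the packet goes to the director to be MASQ'd.
    print("from RIP:", lookup("10.100.50.247", client))
    # DR reply to a load-balanced request: source is the VIP, rule 100
    # does not match, and the packet takes the main table's default gateway.
    print("from VIP:", lookup("64.204.99.240", client))
```

Because table 100 holds only a default route, everything sourced from 10.100.50.0/24 is handed to the director, which receives and forwards it on the same eth0; that is the situation the `send_redirects` settings in the reply address.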


