Hello,

On Wed, 31 Jan 2001, Joseph Mack wrote:

> with a VS_NAT setup, when I run
>
> > ipchains -A forward -p tcp -j MASQ -s realserver1 telnet -d 0.0.0.0/0
>
> on the director, so that telnet packets can get back from the real-server
> to the client, LVS steps in and makes sure that the VIP becomes the
> src_addr, whereas if there had been no ipvsadm commands run, then
> the routing would have determined the src_addr?

Right.

> Does LVS fiddle with the ipchains tables to do this?

No, ipchains only delivers packets to the masquerading code.
Nobody is interested in how the packets are selected in the ipchains
rule.

How things work:

- the masquerading address is assigned when the first packet is seen
- LVS sees the first packet in the LOCAL_IN chain when it comes from
the client. LVS assigns the VIP as maddr
- the MASQ code sees the first packet in the FORWARD chain when
there is a -j MASQ target in the ipchains rule. The routing selects
the maddr. If the connection already exists the packets are masqueraded.
- the LVS can see packets in the FORWARD chain but they are for already
created connections, so no maddr is assigned and the packets are
masqueraded with the address saved in the connections structure (the
VIP) when it was created.
> Joe
Regards
--
Julian Anastasov <ja@xxxxxx>
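
The assignment order described in the message above, as an added toy model that is not part of the original post and not kernel or LVS code. All addresses are constructed sample values, the class and function names are hypothetical, and the model assumes a packet reaches the masquerading code only when a -j MASQ rule matches it.

```python
# Toy model of the director's masquerading table (not kernel code).
# All addresses are constructed sample values; all names are hypothetical.
VIP = "192.0.2.110"        # virtual IP configured with ipvsadm
ROUTE_SRC = "192.0.2.1"    # address routing would select for the outgoing interface
REALSERVER = "10.1.1.2"
CLIENT = "198.51.100.7"
TELNET = 23


class Director:
    def __init__(self, virtual_services, masq_sources):
        self.virtual_services = virtual_services  # {(vip, port): realserver}
        self.masq_sources = masq_sources          # {(src, sport)} matched by -j MASQ
        self.conns = {}                           # connection key -> saved maddr

    def local_in(self, client, cport, daddr, dport):
        """Client packet in LOCAL_IN: LVS creates the entry with maddr = VIP."""
        rs = self.virtual_services.get((daddr, dport))
        if rs is None:
            return None                           # not a virtual service
        self.conns.setdefault((client, cport, rs, dport), daddr)
        return rs

    def forward(self, src, sport, dst, dport):
        """Real-server packet in FORWARD: return its source address on the wire."""
        if (src, sport) not in self.masq_sources:
            return src                            # no -j MASQ rule: not masqueraded
        key = (dst, dport, src, sport)
        if key not in self.conns:                 # first packet seen here:
            self.conns[key] = ROUTE_SRC           # routing selects the maddr
        return self.conns[key]                    # existing entry: saved maddr


def masq_source(with_lvs):
    """Source address put on a telnet packet leaving the real server."""
    services = {(VIP, TELNET): REALSERVER} if with_lvs else {}
    d = Director(services, {(REALSERVER, TELNET)})
    d.local_in(CLIENT, 40000, VIP, TELNET)        # client's first packet
    return d.forward(REALSERVER, TELNET, CLIENT, 40000)


if __name__ == "__main__":
    print("with ipvsadm service:", masq_source(True))
    print("ipchains MASQ only:  ", masq_source(False))
```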