Julian Anastasov wrote:
>
> Hello,
>
> On Fri, 2 Feb 2001, Joseph Mack wrote:
>
> > > So, we need a way to nat the outgoing packets in the real
> > > server but only when we access the client's authd.
> >
> > The packets from the real-server to the client's authd
> > come from the VIP on the real-server and not the RIP.
>
> But we need them to leave from the real server with saddr=RIP2.
> RIP2 will be used only to connect to remote authd through the director.
> We need one RIP2 for each VIP - this will be used in the director
> to select the right VIP as maddr for the different RIP2 saddr.
hmm, diagram for clarification of what I'm thinking
(I only have one VIP, not sure why you have several).
(There is no LVS installed, just showing NAT parts,
but IPs are for a VS-DR LVS)
                 client
         (eth0 192.168.2.254)
                   |
         (eth0 192.168.2.1 = DIP)
         (eth0:1 192.168.2.110 = VIP)
                director
         (eth1 192.168.1.9)
                   |
         (eth0 192.168.1.12 = RIP)
         (lo:0 192.168.2.110 = VIP)
               real-server
the authd client on the real-server makes its call
VIP:high_port -> client:authd
the replies don't get back to the real-server.
my scheme to get it to work
on real-server
VIP:high_port -> client:authd (high_port is say 1025)
have NAT running on real-server, the
packet emerges from the real-server
RIP:higher_port -> client:authd (higher_port is say 60001)
this packet arrives at director where it is NAT'ed
again and emerges from the LVS as
VIP:even_higher_port -> client:authd (even_higher_port is ?)
Something I hadn't thought of... Can NAT accept a packet
with a port number that's already been NAT'ed?
Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
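A small simulation, added here and not part of the original thread, of the double source-NAT path Joe sketches: each hop keeps its own translation table keyed on the 5-tuple it sees, so a source port that an earlier hop already rewrote is accepted like any other, and replies are untranslated in reverse order. The addresses are the diagram's; the port numbers (1025, 60001, and 61001 standing in for the director's "even_higher_port") and the hop names are constructed.

```python
from typing import Dict, List, Tuple

Tuple5 = Tuple[str, int, str, int]  # (saddr, sport, daddr, dport); TCP assumed

class SnatHop:
    """One stateful source-NAT hop. Outgoing packets get their source rewritten to
    (new_addr, fresh port); replies to the rewritten tuple are mapped back."""

    def __init__(self, name: str, new_addr: str, first_port: int) -> None:
        self.name, self.new_addr, self.next_port = name, new_addr, first_port
        self.out: Dict[Tuple5, Tuple5] = {}   # original tuple -> translated tuple
        self.back: Dict[Tuple5, Tuple5] = {}  # reply to translated tuple -> original reply

    def outbound(self, pkt: Tuple5) -> Tuple5:
        saddr, sport, daddr, dport = pkt
        if pkt not in self.out:
            # A hop only sees the tuple in front of it, so a source port that an
            # earlier hop already rewrote is just another port to this table.
            nat = (self.new_addr, self.next_port, daddr, dport)
            self.next_port += 1
            self.out[pkt] = nat
            self.back[(daddr, dport, self.new_addr, nat[1])] = (daddr, dport, saddr, sport)
        return self.out[pkt]

    def inbound(self, pkt: Tuple5) -> Tuple5:
        # No entry means the reply is dropped: the "replies don't get back" case.
        if pkt not in self.back:
            raise LookupError(f"{self.name}: no NAT entry for reply {pkt}")
        return self.back[pkt]

# Addresses from the diagram; the port numbers are constructed to match the text.
CLIENT, VIP, RIP, AUTHD = "192.168.2.254", "192.168.2.110", "192.168.1.12", 113

def trace_authd_lookup() -> List[Tuple5]:
    """Walk one authd query out through both hops and its reply back in."""
    real_server = SnatHop("real-server", RIP, 60001)   # VIP:high_port -> RIP:higher_port
    director = SnatHop("director", VIP, 61001)         # RIP:higher_port -> VIP:even_higher_port
    query = (VIP, 1025, CLIENT, AUTHD)
    on_wire_rs = real_server.outbound(query)           # leaves the real-server with saddr=RIP
    on_wire_dir = director.outbound(on_wire_rs)        # leaves the director with saddr=VIP
    reply = (CLIENT, AUTHD, on_wire_dir[0], on_wire_dir[1])
    back_at_rs = director.inbound(reply)               # VIP:even_higher -> RIP:higher
    delivered = real_server.inbound(back_at_rs)        # RIP:higher -> VIP:high_port
    return [query, on_wire_rs, on_wire_dir, reply, back_at_rs, delivered]

if __name__ == "__main__":
    for step in trace_authd_lookup():
        print("%s:%d -> %s:%d" % step)
```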