Hello,
On Thu, 1 Mar 2001, Joseph Mack wrote:
> Julian Anastasov wrote:
>
> > > in 2.4.x VS-NAT, are all ports from the real-server masqueraded or only
> > > the ports for the services that LVS is controlling?
> >
> > LVS masquerades only its connections, even in 2.2.
>
>
> In 2.2.x, I set up VS-NAT by running ipvsadm commands for a service
> and then a complementary ipchains command like
>
> ipchains -A forward -p tcp -j MASQ -s realserver_name service_name -d 0.0.0.0/0
>
> to demasquerade the service.
The above rule is used to masquerade and not to demasquerade.
So, it is needed only when NAT-ed real servers are used. For DR you don't
need it.
> Are you saying this wasn't necessary in 2.2.x?
It is necessary in 2.2. But that does not mean LVS masquerades
other connections. The ipchains rule in 2.2 simply feeds the LVS and
the MASQ code with packets (it is in the FORWARD chain) while in 2.4
LVS hooks in the FORWARDing to check the packets and eventually to
masquerade them. The other packets are not masqueraded. For 2.4
netfilter NAT rules are needed to masquerade other connections,
not related to LVS.
> Joe
>
> --
> Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
> contractor to the National Environmental Supercomputer Center,
> mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
Regards
--
Julian Anastasov <ja@xxxxxx>
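
The rule sets described in the reply above for the two kernels, side by side, as an added example that is not part of the original message. It is a dry run that only prints commands; the addresses, the interface name and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints the director commands for VS-NAT, does not run them.
# All addresses and the interface name below are constructed sample values.
VIP=192.0.2.10        # virtual IP on the director
RIP=10.1.1.2          # NAT-ed real server
RS_NET=10.1.1.0/24    # real-server network
PORT=80               # the one service LVS controls
OUT_IF=eth0           # director's outside interface (assumed)

# Virtual service, same on both kernels; -m selects masquerading (VS-NAT).
lvs_service() {
    echo "ipvsadm -A -t $VIP:$PORT -s rr"
    echo "ipvsadm -a -t $VIP:$PORT -r $RIP:$PORT -m"
}

# vs_nat_rules KERNEL OTHER
#   KERNEL: 2.2 or 2.4
#   OTHER:  yes if real servers must also be masqueraded for traffic that is
#           not related to LVS (only consulted for 2.4, the case in the reply)
vs_nat_rules() {
    kernel=$1
    other=$2
    lvs_service
    case $kernel in
    2.2)
        # The forward-chain rule feeds LVS and the MASQ code with the
        # real server's packets for this one service.
        echo "ipchains -A forward -p tcp -j MASQ -s $RIP $PORT -d 0.0.0.0/0"
        ;;
    2.4)
        # LVS hooks into forwarding itself, so its own connections need no
        # rule. Anything else is masqueraded only by an explicit NAT rule.
        if [ "$other" = yes ]; then
            echo "iptables -t nat -A POSTROUTING -s $RS_NET -o $OUT_IF -j MASQUERADE"
        fi
        ;;
    *)
        echo "unsupported kernel: $kernel" >&2
        return 1
        ;;
    esac
}

for k in 2.2 2.4; do
    echo "# kernel $k"
    vs_nat_rules "$k" yes
done
```

On 2.4 with OTHER set to no, the output contains no packet-filter rule at all, which matches the statement that packets outside LVS connections are not masqueraded.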