I have an LVS-NAT server running, configured with Joe's configure-0.8 tool.
I am trying to understand what this tool does.
I have a probably stupid question:
The manpage for ipvsadm-1.15, which I use with kernel 2.2.19, says:
the linux director will need to be configured to forward and masquerade packets. This can be achieved using the following commands:
echo "1" > /proc/sys/net/ipv4/ip_forward
ipchains -A forward -j MASQ -s 192.168.10.0/24 -d 0.0.0.0/0
However, the rc.lvs_nat script does not contain such a command, nor did I run it manually.
Naming: w1, w2, w3 are my realservers.
lvs.astro.com is the VIP
ipvsadm -L says:
---------------
IP Virtual Server version 1.0.7 (size=65536)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP lvs.astro.com:telnet rr
-> w3:telnet Masq 1 0 0
-> w2:telnet Masq 1 0 0
-> w1:telnet Masq 1 0 0
TCP lvs.astro.com:ssh rr
-> w1:ssh Masq 1 0 0
TCP lvs.astro.com:www rr
-> w3:www Masq 1 0 0
-> w2:www Masq 1 0 0
-> w1:www Masq 1 0 0
ipchains -L says:
-----------------
Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
target prot opt source destination ports
MASQ tcp ------ w1 anywhere telnet -> any
MASQ tcp ------ w1 anywhere 1025:65535 -> any
MASQ tcp ------ w2 anywhere telnet -> any
MASQ tcp ------ w2 anywhere 1025:65535 -> any
MASQ tcp ------ w3 anywhere telnet -> any
MASQ tcp ------ w3 anywhere 1025:65535 -> any
MASQ tcp ------ w1 anywhere www -> any
MASQ tcp ------ w1 anywhere 1025:65535 -> any
MASQ tcp ------ w2 anywhere www -> any
MASQ tcp ------ w2 anywhere 1025:65535 -> any
MASQ tcp ------ w3 anywhere www -> any
MASQ tcp ------ w3 anywhere 1025:65535 -> any
MASQ tcp ------ w1 anywhere ssh -> any
MASQ tcp ------ w1 anywhere 1025:65535 -> any
Chain output (policy ACCEPT):
Question 1:
---------
Is it that configure replaces the more global ipchains MASQ command from the manpage with more detail-specific commands?
If that is true, why is it done?
Question 2:
-----------
Packets coming from the realservers to the director need to be masqueraded, so that the realserver source IP is replaced with the VIP.
HOW does the director know that it has to use the VIP (assigned in my case to NIC interface eth1:0) and not the DIIP, the real outside address of the director (assigned in my case to NIC interface eth1)?
Alois
PS: I am afraid I will have more stupid questions in the future