Re: question for vs-nat forwarding command

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: question for vs-nat forwarding command
Cc: alois@xxxxxxxx
From: Joseph Mack <mack.joseph@xxxxxxx>
Date: Tue, 01 May 2001 08:28:20 -0400
Alois Treindl wrote:
> 
> I have a LV-NAT server running, configured with Joe's configure-0.8
> tool.
> I try to understand what this tool does.
> 
> I have a probably stupid question:
> 
> The manpage for ipvsadm-1.15, which I use with kernel 2.2.19, says:
>       the linux director will need to be configured to forward
>        and masquerade packets. This can be achieved using the
>        following commands:
> 
>        echo "1" > /proc/sys/net/ipv4/ip_forward
>        ipchains -A forward -j MASQ -s 192.168.10.0/24 -d 0.0.0.0/0

This instruction is just to give you an idea of what is going on.
This example will masquerade every port and IP in the 192.168.10.0/24
network. Your LVS will work OK. If you have 2 real-servers on 
the 192.168.10.0/24 network with http LVS'ed, then telnet
from the real-servers will be masqueraded whether you want it or
not. 

> Question 1:
> ---------
> Is it that configure replaces the more global
> ipchains MASQ command from the manpage with more detail-specific
> commands?

yes

> If that is true, why is it done?

in the example above, I didn't want the configure script to affect
IPs and ports which were not a part of the LVS. Also it was easy to
do - each time I added a real-server:port, I could also run
the masquerade command.

 
> Question 2:
> -----------
> packets coming from the realservers to director need to be
> masqueraded, so that the realserver source IP is replaced with the VIP.
> HOW does director know that it has to use the VIP (assigned in my
> case to NIC interface eth1:0) and not the DIIP, the real outside address
> of director (assigned in my case to NIC interface eth1)?

I spent a lot of time talking to Julian about this on the mailing list
(it will all be in the archive). In my situation, I have
several IPs facing the outside world. I didn't understand why 
the packets emerge with the source address of the VIP, 
but Julian seems to understand. Go read the
archives and then talk to Julian again. I don't know
whether I wrote it up for the HOWTO or not. If you think you understand
it, then how about you write it up for the HOWTO.
 
Joe
-- 
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center, 
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
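
The narrowing described in the reply above (masquerading only the real-server:port pairs that are part of the LVS, rather than every port and IP in 192.168.10.0/24), as an added example that is not part of the original message and is not the configure script's own code. The real-server addresses, the `masq_rules` and `reject` helpers, and the TCP-only assumption are illustrative.

```shell
#!/bin/sh
# Added example: emit one ipchains MASQ rule per real-server:port pair
# instead of one rule covering the whole real-server network.
# SERVICES is constructed sample data; TCP services are assumed.
SERVICES="192.168.10.2:80 192.168.10.3:80"

# reject MESSAGE: report a bad entry on stderr and mark the run as failed.
reject() { echo "rejected: $1" >&2; rc=1; }

# masq_rules "ip:port ...": print one ipchains command per valid entry.
# Returns 1 if any entry was rejected, so a typo or a netmask can never
# silently turn into a wider masquerade rule.
masq_rules() {
    rc=0
    for svc in $1; do
        case "$svc" in
            *:*) ip=${svc%%:*}; port=${svc##*:} ;;
            *)   reject "$svc (expected ip:port)"; continue ;;
        esac
        case "$ip" in
            ''|*[!0-9.]*) reject "$svc (single host address only)"; continue ;;
        esac
        case "$port" in
            ''|*[!0-9]*) reject "$svc (numeric port only)"; continue ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            reject "$svc (port out of range)"; continue
        fi
        echo "ipchains -A forward -p tcp -j MASQ -s $ip $port -d 0.0.0.0/0"
    done
    return $rc
}

# Print the rules for review before running them on the director.
masq_rules "$SERVICES"
```

With these rules in place of the subnet-wide one, telnet from a real-server is no longer masqueraded, because no rule matches that source port.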

