|
Hello,
On Tue, 29 Jan 2002, sofox wrote:
> Hi,
>
> Is it true that packets pass through lvs-nat won't pass through
> iptables.POSTROUTING chain any more?
>
> Our network looks like following.
Even Netfilter can't do this trick. The only solution to
use multiple gateways in 2.4 is to teach the connection tracking
to remember the nfmark value for the incoming traffic and then
to route the in->out traffic based on it.
As for LVS, in the next version we plan to redesign some
things in this direction (but not by using nfmark for routing).
Until then, you can see this solution for Linux 2.2:
http://www.linuxvirtualserver.org/~julian/#routes-2.2
There is a patch LVS to use this routing modification
and to use multiple gateways with distinct IP ranges.
> Any best resolvents other than add two linux box and perform SNAT before load
> balancer?
The right SNAT is not the only problem. The main problem
is the routing: how to route properly when the SNAT is after
routing. The routing is not aware to what masquerade/external IP
was bound the masquerade connection. On route cache flush we forget
the right path.
> Oscar
Regards
--
Julian Anastasov <ja@xxxxxx>
|
