Hello all. I've just spent a lot of time trying to understand the howto and looking through the mailing lists, but nothing seems to be answering my question:

Can I combine the director of an LVS-NAT setup with an iptables-based natting firewall? In other words, if I have this setup:

       internet
          |
    +=====+====+ 1.2.3.4
    | Firewall |
    +=====+====+ 10.0.0.254
          |
    +=====+====+ 10.0.0.1
    | Director |
    +==+====+==+ 10.0.1.254
       |    |
       |  +=+===+ 10.0.1.1
       |  | RS1 |
       |  +=====+
       |
     +=+===+ 10.0.1.2
     | RS2 |
     +=====+

...where the Virtual IP that a client will use is 1.2.3.4, which gets translated by the firewall into 10.0.0.1, which the Director treats as the virtual IP, with the end result that requests to 1.2.3.4 should get balanced between 10.0.1.1 and 10.0.1.2. This seems like it should present no problems.

However, I'd like to be cheap and combine the firewall and director into the box. It seems like this should work too, but from my tests it seems that the natting done in the firewall isn't letting the lvs code at the packets, so nothing is actually making it through.

Unfortunately, I can't even tell if this is supposed to work to begin with. The howto has a lot of information in it, but on this particular issue it only has vague, conflicting snippets of email. Is anybody out there doing something similar to this?