Matt, and all,
I am sorry to write again, however I was re-reading
your email below regarding use of an IPTABLES rule for
rewriting the packet IP, as opposed to it being the
job of LVS NAT. The IPTABLES rules I have on my LVS
hosts are as follows - and I would like to know on
which host (LVS or real) and WHAT SPECIFIC IPTABLES
rule you recommend or refer to - please do specify???
(I think I was a little confused by your statement.)
## Sets up the masq
iptables -v -t nat -A POSTROUTING -s 100.200.10.0/24 -j MASQUERADE
## Use this for sendmail
ipvsadm -A -t 100.200.13.26:25 -s wlc
ipvsadm -a -t 100.200.13.26:25 -r 100.200.10.37:25 -m
ipvsadm -a -t 100.200.13.26:25 -r 100.200.10.38:25 -m
I included your email (below) if you need
to re-read what you wrote to me (this was
regarding true NAT and rewriting the packet).
Thanks again,
Peter
--- "Matthew S. Crocker" <matthew@xxxxxxxxxxx> wrote:
> Hrm, So he wants the source address of the incoming
> connection to be
> re-written to that of your internal address of your
> LVS server? I'm not
> exactly sure why you would want to do this but it
> can be done. It is not
> really the job of LVS it would be handled by an
> iptables rule.
>
> Basically, use LVS-NAT to re-write the destination
> IP of the packet to
> that of the real server IP. This is done as the
> packet enters the LVS
> router. Then, re-write the source IP to that of
> the LVS internal IP
> address. This is done by iptables as the packet
> leaves the router.
>
> The destination of the returning packet gets
> re-written as the packet
> enters the router on the LVS internal interface.
> The source of the return
> packet gets re-written by LVS module as it leaves
> the router on the LVS
> external interface. I'm not sure why you wouldn't
> want to see the real
> source IP at the real servers.