
RE: iptables forwarding

To: "'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: iptables forwarding
From: Rutger van Oosten <r.v.oosten@xxxxxxxxxxx>
Date: Fri, 14 Feb 2003 10:32:21 +0100
Ok.. Thanks to Malcolm I figured it out. All it needed was a POSTROUTING iptables rule to change the source address of the packets so that the sql server that's not in the "real-server network" knows where to return the packets to. Like this:
 
# Forward all ms-sql connections coming from real servers to DIP to SQL02 on trusted network
iptables -t nat -A PREROUTING  -p tcp -d $DIP   -i eth1 --dport $SQL -j DNAT --to-destination $SQL02:$SQL
iptables -t nat -A POSTROUTING -p tcp -d $SQL02 -o eth0 --dport $SQL -j SNAT --to-source $VIP
 
I also found this website helpful: http://iptables-tutorial.frozentux.net/ 
 
Rutger
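To make the return-path point concrete, here is a small Python model (added here, not part of the thread) of what the director's connection tracking sees with and without the POSTROUTING SNAT. The addresses are constructed placeholders; the names VIP, DIP, SQL02 and the eth0/eth1 split follow the rules above.

```python
from dataclasses import dataclass, replace

# Constructed sample addresses (not from the original post); names follow the thread.
VIP = "203.0.113.10"    # director, eth0, public/trusted side
DIP = "10.0.0.1"        # director, eth1, DMZ side
RIP = "10.0.0.20"       # a real server in the DMZ
SQL02 = "192.168.1.50"  # the SQL server on the trusted network
SQL = 1433


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


def director_out_iface(dst: str) -> str:
    """Director's routing table: the DMZ prefix is on eth1, everything else leaves via eth0."""
    return "eth1" if dst.startswith("10.0.0.") else "eth0"


def reply_reaches_director(dst: str) -> bool:
    """SQL02 has no route for the DMZ prefix, so a reply to a DMZ address goes to its
    default gateway and never comes back through the director; a reply to the VIP does."""
    return not dst.startswith("10.0.0.")


def forward_sql(pkt: Packet, with_snat: bool) -> dict:
    """Apply the PREROUTING DNAT, optionally the POSTROUTING SNAT, then play the
    reply back through the director's connection tracking (modelled, not real netfilter)."""
    original = pkt
    # PREROUTING: -i eth1 -d $DIP --dport $SQL -j DNAT --to-destination $SQL02:$SQL
    if pkt.dst == DIP and pkt.dport == SQL:
        pkt = replace(pkt, dst=SQL02)
    # POSTROUTING: -o eth0 -d $SQL02 --dport $SQL -j SNAT --to-source $VIP
    if with_snat and director_out_iface(pkt.dst) == "eth0" and pkt.dst == SQL02:
        pkt = replace(pkt, src=VIP)
    # SQL02 answers to whatever source address it saw on the translated packet.
    reply = Packet(pkt.dst, pkt.src, pkt.dport, pkt.sport)
    if not reply_reaches_director(reply.dst):
        return {"sql02_saw_src": pkt.src, "reply_to_real_server": None}
    # Conntrack reverses both translations: the real server sees DIP answering.
    unnatted = Packet(original.dst, original.src, original.dport, original.sport)
    return {"sql02_saw_src": pkt.src, "reply_to_real_server": unnatted}
```

Without the SNAT rule SQL02 sees a DMZ source address it cannot route back through the director, so the connection never completes; with it the reply is addressed to the VIP and conntrack maps it back to DIP -> real server.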
-----Original Message-----
From: Rutger van Oosten [mailto:r.v.oosten@xxxxxxxxxxx]
Sent: Thursday, 13 February 2003 14:13
To: 'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'
Subject: RE: iptables forwarding

FYI: Someone sent me part of his configuration off-list and I'm going to try that out. I'll report back on-list when I figure it out :-)
-----Original Message-----
From: Rutger van Oosten [mailto:r.v.oosten@xxxxxxxxxxx]
Sent: Thursday, 13 February 2003 11:01
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: iptables forwarding

I have a slightly off-topic question that still may be of interest to more people on this list.
 
I am running LVS/NAT with one director and multiple real servers. The director is running linux kernel 2.4.18 from kernel.org. The director is connected to the internet through eth0 (VIP) and to a dmz with the real servers through eth1 (DIP). Currently I am load-balancing ftp and http traffic, but to access a mssql server inside the dmz I have an iptables forward (iptables -t nat -A PREROUTING -i eth0 -p tcp -d $VIP --dport 1433 -j DNAT --to $SQL01:1433) which works fine.
 
My question: I want the sql server inside the dmz (let's call it SQL_DMZ) to be able to connect to another sql server on my (non-dmz) network (let's call it SQL_NETW). From the director I can ping them both. So then I add an iptables forward like this: iptables -t nat -A PREROUTING -i eth1 -p tcp -d $DIP --dport 1433 -j DNAT --to $SQL_NETW:1433, expecting connections on the sql port on the DIP interface to be routed to the SQL_NETW machine. But this does not work.
 
Who knows what I'm doing wrong?
 
Thanks,
Rutger