
Re: Accessing lvs service from the NAT router

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: Accessing lvs service from the NAT router
From: Draschl Clemens <clemens_ml@xxxxxxxxxxx>
Date: Fri, 21 Feb 2003 15:43:04 +0100

Ian Millsom wrote:

Yes and no. 2.4 kernels support internal nat connections.
CONFIG_IP_NF_NAT_LOCAL=y
You MUST be using iptables, as ipchains will not work with this as the option is only applicable to iptables. I have this working on the realservers, but not tested on the director itself.


I'm really interested in how you got this thing working. i've got the same setup, just the kernel version differs (2.4.19), ipvs-1.07.
CONFIG_IP_NF_NAT_LOCAL enabled, no nat rules (at first).

            [net]
              |
         [director]
         /        \
   [realserver1][realserver2]

same setup

I sit on realserver1, and access say a website that would normally come in via the director and request be sent to the realserver. Now I am coming from the realserver which will hit the director, and the director will internally loop back for me.

i've defined an inside virtual ip, balancing between the two realservers. this one is in addition to the external VIP, also balancing between the two same realservers. no connection is possible, neither to the external vip nor to the internal, while sitting on one of the real-servers.

i already tried to use SNAT, natting every traffic initiated by one of the real-servers with destination internal or external and translating to the corresponding int/ext VIP. a tcpdump on the realserver showed, that this works, but only one time. after that, the realserver wants to talk to himself, not to the int/ext VIP. sure, this is a known issue of routing, but can't this be solved in another way?

i'm planning to use more servers behind the lvs, and deleting the route to the local net isn't very practicable. i'm really interested in how you got this thing working like you mentioned in your mail.


Previously I would have had to add an entry into the local hosts file on the machine, pointing the name back to the local ip address of the realserver.

why should this be necessary?




regards

clemens
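
The routing problem discussed in this message, traced as a toy model. This is an added example, not part of the original posts and not LVS code; all addresses are constructed, and it assumes the usual LVS-NAT layout in which the realservers' default route is the director.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses for illustration; none come from the thread.
VIP = ip_address("192.0.2.10")                      # virtual IP on the director
LAN = ip_network("10.0.0.0/24")                     # realserver network
REALSERVERS = [ip_address("10.0.0.11"), ip_address("10.0.0.12")]


def connect(client, pick):
    """Trace one request/reply through LVS-NAT; return (ok, path, reason)."""
    client = ip_address(client)
    rs = REALSERVERS[pick]
    # Director: DNAT VIP -> realserver, remember the mapping for the reply.
    nat_entry = {"client": client, "vip": VIP, "rs": rs}
    src, dst = client, rs

    # The scheduled realserver is the client itself: the forwarded packet
    # carries the host's own address as both source and destination.
    if src == dst:
        return False, "none", "realserver is handed a packet from itself"

    # Realserver answers the source address it saw.
    reply_src, reply_dst = rs, src
    if reply_dst in LAN:
        # On-link destination: delivered directly, so the director never
        # sees the reply and cannot rewrite RIP back to VIP.
        path = "direct"
    else:
        # Off-link: goes to the default gateway (the director), which
        # reverses the DNAT using its connection entry.
        path = "via-director"
        reply_src = nat_entry["vip"]

    # The client's socket only matches replies coming from the VIP.
    if reply_src == VIP:
        return True, path, "reply source matches VIP"
    return False, path, f"reply came from {reply_src}, expected {VIP}"


def demo():
    cases = {"internet client": ("198.51.100.7", 0),
             "realserver1 -> realserver2": ("10.0.0.11", 1),
             "realserver1 -> realserver1": ("10.0.0.11", 0)}
    return {name: connect(*args) for name, args in cases.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:28} {result}")
```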
