|
On Thu, Oct 16, 2003 at 06:02:39PM +1000, Alan Knipmeyer wrote:
> Hiya,
>
> Thanks for the link. I gave it a try, and done a test with telnet to
> start with, in this case re-writing port 2300 to port 23. I tested lvs
> with port 23 first on a different address to make sure the RIP was
> working.
>
> When I done this with the fw mark method, packets arrive, but end up in
> a SYN_RCVD mode.
>
> When dumping packets, the same packet is being retransmitted from the
> VIP on the real server, but never reaching the host which launched the
> connection. Is this because the tcp handshake is broken at the LVS
> server ?
>
> Any advice gratefully received ! I can't believe I`m the only person
> thats tried to do this :)
I can.
The simple answer is that it can be done. But no one has
put in enough time to research the best way to do it
and make the information available.
Port translation is something that has never been particularly
well supported in LVS. Partly because it is a bit of a chore.
Partly because in some cases (e.g. LVS-DR) it can't work.
Partly because not many people seem to need it. And partly
because there is no obvious way to configure it using the
current ipvsadm framework.
I would suspect the problem that you are coming up against in realtion
to using DNAT is the old problem relating to netfilter's connection
tracking code not working in conjunction with LVS.
Perhaps this code can help. It seems to use its own connection tracking
code.
http://www.balabit.com/products/oss/tproxy/README.txt
Or perhaps using the antifacto patch which should be in
the list archive somewhere..
--
Horms
|
