LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Re: LVS-NAT & Internet access on real servers?

from [Graeme Fowler] [Permanent Link]
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: LVS-NAT & Internet access on real servers?
From: Graeme Fowler <graeme@xxxxxxxxxxx>
Date: Thu, 21 Jul 2005 21:17:21 +0100
On Thu 21 Jul 2005 21:06:16 BST , Peter Klapprodt <peter.klapprodt@xxxxxxxxx> wrote: 
<snip>

Any ideas on how to get internet access working on the real servers
using LVS-NAT? I've read something about virtual_routes in keepalived
but couldn't find any detailled instructions yet :(


..in exactly the same way you would for an ordinary masqueraded network:

1. realservers use active director as default gateway
2. (on director) echo "1" >> /proc/sys/net/ipv4/ip_forward
3. (on director) set up masquerading:
iptables -t nat -A POSTROUTING -s <priv net>/<netmask> -d <priv net>/<netmask> -j ACCEPT 
  iptables -t nat -A POSTROUTING -s <priv net>/<netmask> -j MASQUERADE

and that's it!
Any packet which returns to the director which is not hooked by LVS as part of an active connection will fall through to the nat POSTROUTING chain and get masqueraded. 

Works for me, like a charm.

Graeme
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: LVS-NAT & Internet access on real servers?, Joseph Mack NA3T
Next by Date:  RE: LVS-NAT & Internet access on real servers?, PMilanese
Previous by Thread:  Re: LVS-NAT & Internet access on real servers?, Joseph Mack NA3T
Next by Thread:  Re: LVS-NAT & Internet access on real servers?, Peter Klapprodt
Indexes:  [Date] [Thread] [Top] [All Lists]