Re: LVS-NAT & Internet access on real servers?

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: LVS-NAT & Internet access on real servers?
From: Graeme Fowler <graeme@xxxxxxxxxxx>
Date: Thu, 21 Jul 2005 21:17:21 +0100
On Thu 21 Jul 2005 21:06:16 BST , Peter Klapprodt <peter.klapprodt@xxxxxxxxx> wrote:
Any ideas on how to get internet access working on the real servers
using LVS-NAT? I've read something about virtual_routes in keepalived
but couldn't find any detailled instructions yet :( exactly the same way you would for an ordinary masqueraded network:

1. realservers use active director as default gateway
2. (on director) echo "1" >> /proc/sys/net/ipv4/ip_forward
3. (on director) set up masquerading:
iptables -t nat -A POSTROUTING -s <priv net>/<netmask> -d <priv net>/<netmask> -j ACCEPT
  iptables -t nat -A POSTROUTING -s <priv net>/<netmask> -j MASQUERADE

and that's it!

Any packet which returns to the director which is not hooked by LVS as part of an active connection will fall through to the nat POSTROUTING chain and get masqueraded.

Works for me, like a charm.


<Prev in Thread] Current Thread [Next in Thread>