Note - Do not use the static interface assignment for the gateway. Use the
virtual (dynamic) interface. If they fail over, you will not maintain the
[mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of
Sent: Thursday, July 21, 2005 4:17 PM
Subject: Re: LVS-NAT & Internet access on real servers?
On Thu 21 Jul 2005 21:06:16 BST , Peter Klapprodt
> Any ideas on how to get internet access working on the real servers
> using LVS-NAT? I've read something about virtual_routes in keepalived
> but couldn't find any detailled instructions yet :(
..in exactly the same way you would for an ordinary masqueraded network:
1. realservers use active director as default gateway
2. (on director) echo "1" >> /proc/sys/net/ipv4/ip_forward
3. (on director) set up masquerading:
iptables -t nat -A POSTROUTING -s <priv net>/<netmask> -d <priv
net>/<netmask> -j ACCEPT
iptables -t nat -A POSTROUTING -s <priv net>/<netmask> -j MASQUERADE
and that's it!
Any packet which returns to the director which is not hooked by LVS as
part of an active connection will fall through to the nat POSTROUTING
chain and get masqueraded.
Works for me, like a charm.