RE: LVS-NAT & Internet access on real servers?

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: RE: LVS-NAT & Internet access on real servers?
From: PMilanese@xxxxxxxx
Date: Fri, 22 Jul 2005 07:57:23 -0400
Note - Do not use the static interface assignment for the gateway. Use the
virtual (dynamic) interface. If they fail over, you will not maintain the


-----Original Message-----
From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of
Sent: Thursday, July 21, 2005 4:17 PM
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: LVS-NAT & Internet access on real servers?

On Thu 21 Jul 2005 21:06:16 BST , Peter Klapprodt 
<peter.klapprodt@xxxxxxxxx> wrote:
> Any ideas on how to get internet access working on the real servers
> using LVS-NAT? I've read something about virtual_routes in keepalived
> but couldn't find any detailed instructions yet :(

Exactly the same way you would for an ordinary masqueraded network:

1. realservers use active director as default gateway
2. (on director) echo "1" >> /proc/sys/net/ipv4/ip_forward
3. (on director) set up masquerading:
   iptables -t nat -A POSTROUTING -s <priv net>/<netmask> -d <priv net>/<netmask> -j ACCEPT
   iptables -t nat -A POSTROUTING -s <priv net>/<netmask> -j MASQUERADE

and that's it!

Any packet which returns to the director which is not hooked by LVS as 
part of an active connection will fall through to the nat POSTROUTING 
chain and get masqueraded.

Works for me, like a charm.
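
A read-only check of the forwarding flag and the two POSTROUTING rules described above, as an added example that is not part of the original message: it parses `iptables-save -t nat` output and confirms the private-to-private ACCEPT rule sits ahead of the MASQUERADE rule. The function names, the 192.168.10.0/24 network, the overridable ip_forward path and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of a director's nat table (names are hypothetical).
# Usage: iptables-save -t nat | audit_masq 192.168.10.0/24

# Constructed sample of `iptables-save -t nat` output for a correct setup.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.10.0/24 -d 192.168.10.0/24 -j ACCEPT
-A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE
COMMIT
EOF
}

# $1 = private network in CIDR form, $2 = ip_forward file (overridable for testing).
# Prints one verdict word; returns 0 only when the setup matches the steps above.
audit_masq() {
    net=$1
    fwd_file=${2:-/proc/sys/net/ipv4/ip_forward}
    # Step 2: the director must forward packets at all.
    if [ "$(cat "$fwd_file" 2>/dev/null)" != "1" ]; then
        echo "forwarding-off"
        return 1
    fi
    # Step 3: record the position of the first matching ACCEPT and MASQUERADE rule.
    awk -v net="$net" '
        $1 == "-A" && $2 == "POSTROUTING" {
            n++
            src = ""; dst = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-d") dst = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (!acc && src == net && dst == net && tgt == "ACCEPT") acc = n
            if (!masq && src == net && dst == "" && tgt == "MASQUERADE") masq = n
        }
        END {
            if (!masq) { print "missing-masquerade"; exit 2 }
            if (!acc)  { print "missing-accept"; exit 3 }
            # ACCEPT must match first, or private-to-private traffic is rewritten too.
            if (acc > masq) { print "wrong-order"; exit 4 }
            print "ok"
        }'
}
```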

