|
Note - Do not use the static interface assignment for the gateway. Use the
virtual (dynamic) interface. If they fail over, you will not maintain the
MASQ.
P
-----Original Message-----
From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of
graeme@xxxxxxxxxxx
Sent: Thursday, July 21, 2005 4:17 PM
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: LVS-NAT & Internet access on real servers?
On Thu 21 Jul 2005 21:06:16 BST , Peter Klapprodt
<peter.klapprodt@xxxxxxxxx> wrote:
<snip>
> Any ideas on how to get internet access working on the real servers
> using LVS-NAT? I've read something about virtual_routes in keepalived
> but couldn't find any detailled instructions yet :(
..in exactly the same way you would for an ordinary masqueraded network:
1. realservers use active director as default gateway
2. (on director) echo "1" >> /proc/sys/net/ipv4/ip_forward
3. (on director) set up masquerading:
iptables -t nat -A POSTROUTING -s <priv net>/<netmask> -d <priv
net>/<netmask> -j ACCEPT
iptables -t nat -A POSTROUTING -s <priv net>/<netmask> -j MASQUERADE
and that's it!
Any packet which returns to the director which is not hooked by LVS as
part of an active connection will fall through to the nat POSTROUTING
chain and get masqueraded.
Works for me, like a charm.
Graeme
|
