|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Graeme Fowler wrote:
> On Thu 21 Jul 2005 21:06:16 BST , Peter Klapprodt
> <peter.klapprodt@xxxxxxxxx> wrote:
> <snip>
>
>> Any ideas on how to get internet access working on the real servers
>> using LVS-NAT? I've read something about virtual_routes in keepalived
>> but couldn't find any detailled instructions yet :(
>
>
> ..in exactly the same way you would for an ordinary masqueraded network:
>
> 1. realservers use active director as default gateway
> 2. (on director) echo "1" >> /proc/sys/net/ipv4/ip_forward
> 3. (on director) set up masquerading:
> iptables -t nat -A POSTROUTING -s <priv net>/<netmask> -d <priv
> net>/<netmask> -j ACCEPT
> iptables -t nat -A POSTROUTING -s <priv net>/<netmask> -j MASQUERADE
>
> and that's it!
>
> Any packet which returns to the director which is not hooked by LVS as
> part of an active connection will fall through to the nat POSTROUTING
> chain and get masqueraded.
>
> Works for me, like a charm.
>
> Graeme
Thanks a lot, it works now. Actually I don't know what exactly the error
was as I tried it this way before and then searched for other ways. I
think I badly misconfigured something by accident :)
Again, thanks a lot!
Best regards,
Peter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
iD8DBQFC5QigUB2qoKT2pkERAk3lAJ9RiSfiz2YnQVX/vtKpdOTCMWYUhwCeLocF
jFnOU5fmg3Pcwy5qbD6Q8L0=
=CGyE
-----END PGP SIGNATURE-----
|
