On Tue 22 Nov 2005 21:05:58 GMT, Mark de Vries
<markdv.lvsuser@xxxxxxxxxx> wrote:

Hmmm... maybe.... Does 'masquerade' interoperate with ip_vs? Or should I
use SNAT on the loadbalancer?? I'll give it a go tomorrow but if anyone
knows the answer please let me know.

aha!

Yes, netfilter/iptables does interact with LVS.

Under LVS-NAT you need to make sure that the traffic exiting the
director on the client side is what the client expects. That means SNAT
(or masquerade).

I have a bunch of servers behind a pair of active/passive directors on
a private LAN. The public face of the directors is just that, facing
the internet. I have a bunch of rules on the director in the "nat"
netfilter table to ensure that connections being initiated inside the
network are SNATted to the appropriate VIP address outside, and this
makes the LVS-NAT FTP work for both active and passive.

It's been like that for so long I had to go back and review the config
to see why it worked :)

In your case you probably need something on the director to say:

    iptables -t nat -I POSTROUTING -s $RIP/32 -j SNAT --to-source $VIP

for each of your RIP/VIP sets.

Graeme
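
The per-RIP SNAT rule suggested in the reply above, generated for a list of RIP/VIP sets. This is an added example, not part of the original message or of the LVS project; the "RIP VIP" list format, the function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample input: one "RIP VIP" pair per line (example addresses).
SAMPLE_PAIRS='
# RIP          VIP
10.0.0.11      192.0.2.10
10.0.0.12      192.0.2.10
10.0.0.21      192.0.2.20
10.0.0.999     192.0.2.20
10.0.0.11      192.0.2.10
'

# Succeed only if $1 is a dotted-quad IPv4 address with octets in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read "RIP VIP" pairs on stdin and print one SNAT command per valid, unique
# RIP. Each command checks for the rule (-C) before inserting it (-I), so
# re-running the output does not stack duplicates. Nothing is applied here.
snat_rules() {
    seen=' '
    while read -r rip vip rest; do
        case "$rip" in ''|'#'*) continue ;; esac
        if [ -n "$rest" ] || ! is_ipv4 "$rip" || ! is_ipv4 "$vip"; then
            echo "skipping invalid line: $rip $vip $rest" >&2
            continue
        fi
        case "$seen" in
            *" $rip "*) echo "duplicate RIP $rip skipped" >&2; continue ;;
        esac
        seen="$seen$rip "
        spec="POSTROUTING -s $rip/32 -j SNAT --to-source $vip"
        echo "iptables -t nat -C $spec 2>/dev/null || iptables -t nat -I $spec"
    done
    return 0
}

# Print the generated commands for review; pipe to sh as root to apply them.
printf '%s\n' "$SAMPLE_PAIRS" | snat_rules
```

Validating each address before it reaches the command line keeps a malformed entry in the list from turning into an unintended rule on the director.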