Hi all.
I have an IPVS (from the 2.4.29 kernel, as a module) configured for NAT mode. All
works fine, but I need to set the gw address on the real servers to point to the IPVS
host.
I'd like to use an SNAT rule on the IPVS host to set the source address for packets
going to the real servers. It must be the IP address of the outgoing interface, for the real
servers to reply correctly.
As far as I know, the IPVS core doesn't return NAT packets back to iptables for
further processing. So I can't handle them in the nat-POSTROUTE table.
I've tried the NFCT patch (which is said to work with SNAT-reroute), but with no
luck. The nat/POSTROUTE table is simply ignored.
Then I dug into ip_vs_core.c. There are some functions which handle
NAT-output packets and return NF_STOLEN to iptables. I've tried commenting out
the code that sends packets directly and returning NF_ACCEPT. No luck.
Any ideas?
Thanks!