Hi,
Along similar lines to this I would like to know if it's possible to
allow realservers behind an LVS-NAT to access virtual servers.
e.g. I have a pair of webservers and a pair of mailservers behind a
single LVS-NAT machine. When a webserver emails the mailserver (hundreds
of virtual domains so faking the DNS would be a pain) it is not able to
connect via the external IP address.
When I do a tcpdump I see that the request is going from the webserver
to the firewall then to the mailserver, but the path back to the
webserver is direct, and since it's the internal IP address of the
mailserver rather than the IP address of the VIP the webserver doesn't
recognise the reply.
Is there some way I can get the firewall to SNAT so that connections
will go via the firewall correctly? I read somewhere that I could use
mark tables but couldn't quite piece it all together.
Thanks,
Josh
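
The packet flow described in this post, as an added example that is not part of the original message: a small Python model of one connection to the VIP, comparing an outside client, a realserver as client, and a realserver with the director rewriting the source address. All addresses and function names are constructed for illustration.

```python
"""Toy model of the LVS-NAT flow in the post. All addresses are constructed."""
VIP = "203.0.113.10"       # external virtual IP of the mail service
DIRECTOR = "192.168.1.1"   # director/firewall, internal side
WEB = "192.168.1.11"       # webserver (realserver acting as client)
MAIL = "192.168.1.21"      # mailserver (realserver)
LAN = "192.168.1."         # realserver subnet prefix


def trace(client, snat=False):
    """Follow one client -> VIP connection and return (hops, accepted)."""
    hops = [("request", client, VIP)]          # client addresses the VIP
    seen_src = DIRECTOR if snat else client     # optional source rewrite
    hops.append(("dnat", seen_src, MAIL))       # director rewrites destination
    reply_src, reply_dst = MAIL, seen_src       # realserver answers what it saw
    direct = reply_dst != DIRECTOR and reply_dst.startswith(LAN)
    if direct:
        # Same subnet: the reply is switched straight to the client and
        # never crosses the director, so the source stays the real IP.
        hops.append(("reply-direct", reply_src, reply_dst))
    else:
        # Reply crosses the director, which restores VIP and client address.
        hops.append(("reply-via-director", reply_src, reply_dst))
        reply_src, reply_dst = VIP, client
        hops.append(("un-nat", reply_src, reply_dst))
    # The client's socket only matches replies from the address it dialled.
    accepted = (reply_src, reply_dst) == (VIP, client)
    return hops, accepted


def summary():
    """Outcome for an outside client, the webserver, and the webserver with SNAT."""
    return {
        "external": trace("198.51.100.7")[1],
        "realserver": trace(WEB)[1],
        "realserver+snat": trace(WEB, snat=True)[1],
    }


if __name__ == "__main__":
    for name, ok in summary().items():
        print(f"{name:16} reply accepted: {ok}")
    for hop in trace(WEB)[0]:
        print(hop)
```

In the SNAT case the mailserver sees the director's internal address as the source of every connection from the webserver, which affects its logs and any address-based access rules.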