Whoops, forgot to change the subject. Sorry for the re-post.
> -----Original Message-----
> From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:lvs-users-
> bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Ordway, Ryan
> Sent: Tuesday, January 30, 2007 3:07 PM
> To: LinuxVirtualServer.org users mailing list.
> Subject: RE: Problem with IP-takeover
>
>
> Is anyone using LVS + heartbeat + ldirectord + iptables with SNAT/DNAT?
> I'm trying to allow "direct" access to the real servers via one public
> IP separate from the virtual IP that would "bypass" LVS, and then the
> load balanced virtual IP for LVS to load balance between the real
> servers.
>
> For example:
>
> 192.168.1.1 - LVS director #1
> 192.168.1.2 - LVS director #2
> 192.168.1.3 - "direct" IP for web1
> 192.168.1.4 - "direct" IP for web2
> 192.168.1.100 - load balanced IP for web1/web2
>
> 10.0.0.1 - LVS director #1 (internal)
> 10.0.0.2 - LVS director #2 (internal)
> 10.0.0.3 - internal IP for web1
> 10.0.0.4 - internal IP for web2
> 10.0.0.254 - load balanced default gateway IP for director1/director2
>
>
> The direct system access works great, but I need an iptables rule to
> handle the SNAT/DNAT exception of the load balanced IP.
>
> I have rules like:
>
> iptables -t nat -A PREROUTING -i eth1 -d 192.168.1.3 -j DNAT --to-destination 10.0.0.3
>
> and
>
> iptables -t nat -A POSTROUTING -s 10.0.0.3 ! -d 10.0.0.0/24 -j SNAT --to-source 192.168.1.3
>
> But then, of course when I get a connection on 192.168.1.100, the
> director sends the packets to the real server, the real server shoots
> back its response, but the POSTROUTING rule rewrites the source to the
> "direct" IP, 192.168.1.3 instead of the load balanced IP. I just
haven't
> figured out a simple way to change the SNAT address depending on the
> source of the initial communication, the virtual IP.
>
> It's probably just a simple iptables rule, but it's evading me....
>
> TIA,
>
> Ryan
>
> --
> Ryan Ordway Unix Systems Administrator
> OSU Libraries E-mail: ryan.ordway@xxxxxxxxxxxxxxx
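As an added example (not code from Ryan's post or from the LVS project), here is one way to lay out the director's NAT rules for Ryan's address plan so that replies of the load-balanced service are never caught by the per-realserver SNAT rule: an ACCEPT in the nat table for packets the realserver sends from the service port, placed before the SNAT rule, plus a SYN-only restriction on the SNAT rule itself. The service port 80, the interface name and the DRY_RUN switch are assumptions.

```shell
#!/bin/sh
# Added example: director NAT rules for one realserver (web1) in the
# layout from the thread. DRY_RUN=1 (the default) only prints the
# iptables commands so the script can be reviewed before it is applied.
RS_DIRECT_IP=192.168.1.3      # public "direct" address of web1
RS_INTERNAL_IP=10.0.0.3       # internal address of web1
INTERNAL_NET=10.0.0.0/24
PUBLIC_IF=eth1                # assumption: public-facing interface
SERVICE_PORT=80               # assumption: the LVS-balanced service
IPT="echo iptables"
[ "${DRY_RUN:-1}" = 1 ] || IPT=iptables

realserver_nat_rules() {
    # Inbound "direct" access: public IP -> realserver. Replies on this
    # connection are reverse-translated by conntrack, not by any rule.
    $IPT -t nat -A PREROUTING -i "$PUBLIC_IF" -d "$RS_DIRECT_IP" \
        -j DNAT --to-destination "$RS_INTERNAL_IP"

    # Exemption, before the SNAT rule: ACCEPT in the nat table means
    # "no translation for this connection". Packets the realserver
    # sends FROM the service port are LVS replies (IPVS rewrites them
    # to the virtual IP) and must never be rewritten to the direct IP.
    $IPT -t nat -A POSTROUTING -s "$RS_INTERNAL_IP" -p tcp \
        --sport "$SERVICE_PORT" -j ACCEPT

    # Outbound: only connections the realserver itself opens (a bare
    # SYN is the first packet) get the "direct" source address.
    # An LVS reply starts with SYN/ACK, so it cannot match --syn.
    $IPT -t nat -A POSTROUTING -s "$RS_INTERNAL_IP" ! -d "$INTERNAL_NET" \
        -p tcp --syn -j SNAT --to-source "$RS_DIRECT_IP"

    # Non-TCP traffic from the realserver (DNS lookups etc.). A UDP
    # service balanced by LVS would need its own exemption above.
    $IPT -t nat -A POSTROUTING -s "$RS_INTERNAL_IP" ! -d "$INTERNAL_NET" \
        ! -p tcp -j SNAT --to-source "$RS_DIRECT_IP"
}

realserver_nat_rules
```

Run with DRY_RUN=0 on the director to apply the rules; repeat the function with web2's addresses (192.168.1.4 / 10.0.0.4) for the second realserver.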