RE: Problems with LVS+heartbeat+ldirectord+iptables w/ SNAT/DNAT

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Problems with LVS+heartbeat+ldirectord+iptables w/ SNAT/DNAT
From: "Ordway, Ryan" <Ryan.Ordway@xxxxxxxxxxxxxxx>
Date: Wed, 31 Jan 2007 14:30:28 -0800
> -----Original Message-----
> From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Siim Põder
> Sent: Wednesday, January 31, 2007 4:37 AM
> To: LinuxVirtualServer.org users mailing list.
> Subject: Re: Problems with LVS+heartbeat+ldirectord+iptables w/ SNAT/DNA

> Ordway, Ryan wrote:
> >> But then, of course when I get a connection on 192.168.1.100, the
> >> director sends the packets to the real server, the real server shoots
> >> back its response, but the POSTROUTING rule rewrites the source to the
> >> "direct" IP, 192.168.1.3 instead of the load balanced IP. I just
> >> haven't figured out a simple way to change the SNAT address depending
> >> on the source of the initial communication, the virtual IP.
> 
> Should be a fairly standard module:
> 
> iptables -m conntrack --ctorigdst ...
> 
> Helps?

Perhaps... would that work with SNAT? For example, if I did

iptables -t nat -A POSTROUTING -s 10.0.0.3 ! -d 10.0.0.0/24 -m conntrack ! --ctorigdst 192.168.1.100 -j SNAT --to-source 192.168.1.3

should that only perform the SNAT if the original destination is 192.168.1.100? 
Does the conntrack status survive when the packet goes off to 10.0.0.3 and 
comes back? 

I've also tried using MARK to mark the packets destined for 192.168.1.100 and 
then using -m mark to exclude those packets from the SNAT, which doesn't seem to 
work either.

Any ideas?
