Re: Problems with LVS+heartbeat+ldirectord+iptables w/ SNAT/DNAT

To:	"LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	Re: Problems with LVS+heartbeat+ldirectord+iptables w/ SNAT/DNAT
From:	Siim Põder <windo@xxxxxxxxxxxxxxx>
Date:	Thu, 01 Feb 2007 10:14:06 +0200

Yo!

Ordway, Ryan wrote:
> Perhaps... would that work with SNAT? For example, if I did
> 
> iptables -A POSTROUTING -s 10.0.0.3 ! -d 10.0.0.0/24 -m conntrack
> --ctorigdst ! 192.168.1.100 -j SNAT --to-source 192.168.1.3
> 
> should that only perform the SNAT if the original destination is
> 192.168.1.100? Does the conntrack status survive when the packet goes
> off to 10.0.0.3 and comes back?

That's why I suggested it.

Your match matches anything that's coming from 10.0.0.3 and not to the
10.0.0.0/24 network that has had the first packet of the connection
being directed to anything BUT 192.168.1.100 (before any NAT).

Siim

<Prev in Thread]	Current Thread	[Next in Thread>
RE: Problems with LVS+heartbeat+ldirectord+iptables w/ SNAT/DNAT, Ordway, Ryan Re: Problems with LVS+heartbeat+ldirectord+iptables w/ SNAT/DNAT, Siim Põder <= RE: Problems with LVS+heartbeat+ldirectord+iptables w/ SNAT/DNAT, Ordway, Ryan

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: ldirectord: checkinterval global, or per-service?, Joseph Mack NA3T
Next by Date:	LVS vs HA Proxy, howard chen
Previous by Thread:	RE: Problems with LVS+heartbeat+ldirectord+iptables w/ SNAT/DNAT, Ordway, Ryan
Next by Thread:	RE: Problems with LVS+heartbeat+ldirectord+iptables w/ SNAT/DNAT, Ordway, Ryan
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: ldirectord: checkinterval global, or per-service?, Joseph Mack NA3T

Next by Date:

LVS vs HA Proxy, howard chen

Previous by Thread:

RE: Problems with LVS+heartbeat+ldirectord+iptables w/ SNAT/DNAT, Ordway, Ryan

Next by Thread:

RE: Problems with LVS+heartbeat+ldirectord+iptables w/ SNAT/DNAT, Ordway, Ryan

Indexes:

[Date] [Thread] [Top] [All Lists]