
RE: Problems with LVS+heartbeat+ldirectord+iptables w/ SNAT/DNAT

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Problems with LVS+heartbeat+ldirectord+iptables w/ SNAT/DNAT
From: "Ordway, Ryan" <Ryan.Ordway@xxxxxxxxxxxxxxx>
Date: Thu, 1 Feb 2007 15:09:03 -0800
> -----Original Message-----
> From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:lvs-users-
> bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Siim Põder
> Sent: Thursday, February 01, 2007 12:14 AM
> To: LinuxVirtualServer.org users mailing list.
> Subject: Re: Problems with LVS+heartbeat+ldirectord+iptables w/ SNAT/DNAT
> 
> Yo!
> 
> Ordway, Ryan wrote:
> > Perhaps... would that work with SNAT? For example, if I did
> >
> > iptables -A POSTROUTING -s 10.0.0.3 ! -d 10.0.0.0/24 -m conntrack
> > --ctorigdst ! 192.168.1.100 -j SNAT --to-source 192.168.1.3
> >
> > should that only perform the SNAT if the original destination is
> > 192.168.1.100? Does the conntrack status survive when the packet goes
> > off to 10.0.0.3 and comes back?
> 
> That's why I suggested it.
> 
> Your match matches anything that's coming from 10.0.0.3 and not to the
> 10.0.0.0/24 network that has had the first packet of the connection
> being directed to anything BUT 192.168.1.100 (before any NAT).

Right. 192.168.1.3 is the "direct" IP. I only want it to be SNAT'd to that IP 
if it was sent directly to 10.0.0.3. Otherwise, I want LVS to handle the 
packets.
