
RE: Netfilter connection tracking support for IPVS

To: "'Julian Anastasov'" <ja@xxxxxx>
Subject: RE: Netfilter connection tracking support for IPVS
Cc: "'LinuxVirtualServer.org users mailing list.'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: "Nicklas Bondesson" <nicklas.bondesson@xxxxxxxxxxxx>
Date: Sat, 24 Feb 2007 00:02:51 +0100
> Is the SNAT rule working without NFCT patch?
> 
> Regards
> 
> --
> Julian Anastasov <ja@xxxxxx>

No, this is why I got my hands on the patch in the first place.

I have scenarios like this:

Request:
CLIENT -> VIP[with_public_ip_1] -> A_REAL_SERVER[private_ip_1]

Response:
A_REAL_SERVER[private_ip_1] -> VIP[with_public_ip_1] -> CLIENT

---

Request:
CLIENT -> VIP[with_public_ip_2] -> A_REAL_SERVER[private_ip_2]

Response:
A_REAL_SERVER[private_ip_2] -> VIP[with_public_ip_2] -> CLIENT


I'm not sure if I'm being clear here, but in simple words: the same public
IP address that the client uses to connect to the LVS should be used as
source IP in the response to the client.

I have multiple public IP addresses that I need to source NAT.

The firewall is on the same box as the director.

Any pointers?


Thanks,
Nicklas


