Hello,
On Thu, 15 Mar 2007, Rodre Ghorashi-Zadeh wrote:
> I am totally confused about the whole SNAT, snat_reroute, NFCT, etc. I have
> downloaded Julian's NFCT patch for my kernel (centos 4.4
> 2.6.9-42.0.10.ELsmp), patched/built/installed the kernel, echoed 1 >
> /proc/sys/net/ipv4/vs/conntrack & and snat_reroute, wrote an iptables rule
> that looks like this: iptables -t nat -A POSTROUTING -p tcp -s $MYIP -d $RIP
> --dport $SOMEPORT -j SNAT --to-source $DEFAULTGATE, sent the appropriate
> traffic that should get caught and manipulated by the previous rule,
> experienced no results, googled, read all kinds of stuff about this topic,
> and was left totally confused.
snat_reroute is only for IPVS packets. I just added some information
in HOWTO.txt (http://www.ssi.bg/~ja/nfct/HOWTO.txt). SNAT: translate
source address. Reroute: call output routing for 2nd time (saddr=VIP),
first was the normal input routing for saddr=RIP.
> My question is:
>
> Does the NFCT patch allow you to do an iptables style SNAT to traffic
> leaving the LVS box, or does it allow you to route the packets using the
> ip2route suite?
NFCT patch is not a way to use iptables NAT rules, it just
provides iptables -m state support for IPVS packets.
Regards
--
Julian Anastasov <ja@xxxxxx>
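As an added illustration of the point in this reply (that the conntrack support makes IPVS flows visible to `iptables -m state`, while snat_reroute only affects the director's own rerouting of IPVS replies), here is a small shell script that is not part of this thread, the NFCT patch or the HOWTO. It assumes the sysctl names `net.ipv4.vs.conntrack` and `net.ipv4.vs.snat_reroute` (the same knobs the thread refers to under `/proc/sys/net/ipv4/vs/`), an LVS-NAT director, and constructed addresses and a port 80 service; the `run`, `ipvs_conntrack_rules`, `VIP` and `RIP_NET` names are the example's own.

```shell
#!/bin/sh
# Added example, not code from the thread or the NFCT patch: emit the sysctl
# and iptables commands that pair IPVS with netfilter connection tracking so
# that IPVS packets can be matched with "-m state".  The default mode is a
# dry run that only prints the commands; "apply" executes them (root needed).

# Constructed values for illustration only.
VIP="192.0.2.10"          # virtual IP the director answers on
RIP_NET="10.0.0.0/24"     # real-server network behind the director

MODE="dry-run"

# Emit one command: print it in dry-run mode, execute it in apply mode.
run() {
    if [ "$MODE" = "apply" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# Generate the rule set.  Assumed sysctl names: net.ipv4.vs.conntrack and
# net.ipv4.vs.snat_reroute (mainline names for the knobs in the thread).
ipvs_conntrack_rules() {
    MODE="${1:-dry-run}"
    # conntrack=1: IPVS creates conntrack entries for the flows it handles.
    # snat_reroute=1: after IPVS rewrites the reply's source back to the VIP,
    # output routing is run a second time for that packet (IPVS packets only).
    run sysctl -w net.ipv4.vs.conntrack=1
    run sysctl -w net.ipv4.vs.snat_reroute=1
    # With conntrack entries present, "-m state" sees the IPVS flows, so the
    # director can be default-deny and admit only tracked traffic.
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New client connections arrive for the VIP at LOCAL_IN, where IPVS
    # picks them up; the NAT'ed packets to the real servers are then forwarded.
    run iptables -A INPUT -d "$VIP" -p tcp --dport 80 -m state --state NEW -j ACCEPT
    run iptables -A FORWARD -d "$RIP_NET" -p tcp --dport 80 -m state --state NEW -j ACCEPT
}

# Usage: "sh ipvs-ct.sh" prints the commands; "sh ipvs-ct.sh apply" runs them.
if [ "${1:-}" = "apply" ]; then
    ipvs_conntrack_rules apply
fi
```

The dry run is there so the generated rule set can be reviewed (or diffed against the running `iptables-save` output) before anything touches a director; note that, as the reply says, none of this turns the IPVS conntrack support into a way of applying `-t nat` SNAT rules to IPVS traffic.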