
RE: SNAT / Masquerading problems using LVS-NAT

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: SNAT / Masquerading problems using LVS-NAT
From: Graeme Fowler <graeme@xxxxxxxxxxx>
Date: Tue, 17 Apr 2007 17:30:50 +0100

On Tue, 2007-04-17 at 06:53 -0500, Rudd, Michael wrote:
> Not a problem LOL. I understand you guys are busy. Graeme Fowler was
> asking some questions yesterday.
>
> Any rate as I was telling him I also switched to trying to use LVS-DR as
> well. The problem I'm running into there is I set up an iptables rule to
> do the SNAT for me on the realserver. Shown below: iptables -t nat -A
> POSTROUTING -p udp --source-port 53 -o bond1.201 -j SNAT --to-source
> 192.168.67.213:53

Hrm.

You shouldn't need the SNAT rule with LVS-DR (that's the point of DR,
after all!).

The VIP should be bound to a real device (ie not loopback) on the
director; to loopback on the realserver; BIND should be listening on the
VIP (and probably not on the realserver's RIP).

That way, query responses will be sent from the interface to which BIND
is, erm, bound. If you see what I mean.

I don't recall *ever* having to use SNAT to mangle outgoing packets
using DR.

Graeme
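
Added example, not part of the message above: a shell audit of a realserver against the LVS-DR layout the reply describes (VIP on loopback, no SNAT rule). It assumes the VIP is 192.168.67.213, the --to-source address in the quoted rule; the function names and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a realserver against the LVS-DR layout described above.
# Assumption: the VIP is 192.168.67.213 (the --to-source address in the quoted rule).
VIP="192.168.67.213"

# Constructed samples standing in for `ip -o -4 addr show` and `iptables-save -t nat`.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 192.168.67.213/32 scope global lo
5: bond1.201    inet 192.168.67.10/24 brd 192.168.67.255 scope global bond1.201'
SAMPLE_NAT='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o bond1.201 -p udp -m udp --sport 53 -j SNAT --to-source 192.168.67.213:53
COMMIT'

# Print every device that carries the VIP. stdin: `ip -o -4 addr show` output.
vip_devices() {
    awk -v vip="$1" '$3 == "inet" { split($4, a, "/"); if (a[1] == vip) print $2 }'
}

# Print SNAT rules that rewrite the source to the VIP. stdin: `iptables-save -t nat`.
snat_rules_to_vip() {
    awk -v vip="$1" '/-j SNAT/ && index($0, "--to-source " vip) { print }'
}

# Report findings; the return status is the number of problems found.
audit_realserver() {   # $1 = VIP, $2 = address listing, $3 = nat table dump
    problems=0
    devs=$(printf '%s\n' "$2" | vip_devices "$1" | sort -u | tr '\n' ' ')
    if [ "$devs" != "lo " ]; then
        echo "VIP $1 should be bound to lo only on a realserver, found: ${devs:-none}"
        problems=$((problems + 1))
    fi
    rules=$(printf '%s\n' "$3" | snat_rules_to_vip "$1")
    if [ -n "$rules" ]; then
        echo "SNAT to the VIP is unnecessary with LVS-DR:"
        echo "$rules"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# On a live realserver (iptables-save needs root):
#   audit_realserver "$VIP" "$(ip -o -4 addr show)" "$(iptables-save -t nat)"
audit_realserver "$VIP" "$SAMPLE_ADDRS" "$SAMPLE_NAT" || echo "problems: $?"
```

With the constructed sample the address check passes and the quoted SNAT rule is the single finding.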

