|
Hello,
On Wed, 18 Apr 2007, Rudd, Michael wrote:
> So I send my DNS query to my VIP on my directors. It gets routed to a
> realserver which I've attached the vip to bond1.201:0. According to
> others I've talked to I shouldn't need an iptables rule but I still
> don't see the packet out with the source ip address of the VIP. I see
> the packet with the source IP of the actual realserver. Its possible it
> is a routing issue though so I plan on digging deeper on that today.
For LVS-DR reply should be generated in real server with src=VIP.
If you ask the question for LVS-NAT then with OPS you will need the
iptables SNAT rule because IPVS does not recognize replies. But I have
never tested such setup. Without OPS you don't need iptables SNAT rule,
IPVS translates the source address.
> Should I need an iptables rule at all for LVS-DR?
No, reply goes directly from real server to client.
Regards
--
Julian Anastasov <ja@xxxxxx>
|
