LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Re: [lvs-users] LVS Source NAT question: address pool?

from [Patrick Schaaf] [Permanent Link]
To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] LVS Source NAT question: address pool?
From: Patrick Schaaf <netdev@xxxxxx>
Date: Thu, 10 Mar 2011 10:01:37 +0100 
On Wed, 2011-03-09 at 15:18 -0800, George B. wrote:
> So, basically, I want to take an incoming packet, destination NAT to the
> desired real server, and source NAT the packet from a pool of IP addresses
> on the LVS to ensure the traffic gets routed back to it.
> 
> Can LVS do that?

The source NAT would be iptables job. Sidestepping the question of
iptables SNAT working with LVS connections, which is a general topic by
itself, such "address pooling" can be done by making several iptables
rules in the nat POSTROUTING chain, each of them matching by some
criteria a subset of all traffic.

I use both of the following schemes, in an outbound (non-LVS) scenario,
the first one where I want a real source to always be represented by a
fixed specific changed source address, the second one where I want even
a single source to use several outgoing source addresses randomly, per
connection:

By source IP address, four-way, looking at the last two bits of the real
source:

-A POSTROUTING -s 0.0.0.0/0.0.0.3 -j SNAT --to-source 1.2.3.1
-A POSTROUTING -s 0.0.0.1/0.0.0.3 -j SNAT --to-source 1.2.3.2
-A POSTROUTING -s 0.0.0.2/0.0.0.3 -j SNAT --to-source 1.2.3.3
-A POSTROUTING -s 0.0.0.3/0.0.0.3 -j SNAT --to-source 1.2.3.4

By IP Id, eight way

-A POSTROUTING -m u32 --u32 0x2&7=0x0 -j SNAT --to-source 1.2.4.1
-A POSTROUTING -m u32 --u32 0x2&7=0x1 -j SNAT --to-source 1.2.4.2
-A POSTROUTING -m u32 --u32 0x2&7=0x2 -j SNAT --to-source 1.2.4.3
-A POSTROUTING -m u32 --u32 0x2&7=0x3 -j SNAT --to-source 1.2.4.4
-A POSTROUTING -m u32 --u32 0x2&7=0x4 -j SNAT --to-source 1.2.4.5
-A POSTROUTING -m u32 --u32 0x2&7=0x5 -j SNAT --to-source 1.2.4.6
-A POSTROUTING -m u32 --u32 0x2&7=0x6 -j SNAT --to-source 1.2.4.7
-A POSTROUTING -m u32 --u32 0x2&7=0x7 -j SNAT --to-source 1.2.4.8

hope this helps
  Patrick


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [lvs-users] LVS Source NAT question: address pool?, George B.
Next by Date:  Re: [lvs-users] LVS Source NAT question: address pool?, George B.
Previous by Thread:  [lvs-users] LVS Source NAT question: address pool?, George B.
Next by Thread:  Re: [lvs-users] LVS Source NAT question: address pool?, George B.
Indexes:  [Date] [Thread] [Top] [All Lists]