Re: [lvs-users] Help with LVS NAT and RHEL5.8

To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Help with LVS NAT and RHEL5.8
Cc: "Liu, William" <wliu@xxxxxxx>
From: David Coulson <david@xxxxxxxxxxxxxxxx>
Date: Thu, 26 Jul 2012 13:23:55 -0400
On 7/26/12 12:40 PM, Liu, William wrote:
> Hi,
> I am a problem with LVS NAT configuration where the packets do not look like 
> they are being masqueraded by LVS.   Here's my setup:
> LVS server has 3 interfaces: primary, nat_router, virtual IP
> -primary
> - nat router
> - virtual IP, port 80
>                  |---- (Real server)
> A client ( connects to on port 80 never gets a 
> response back.  What I see on Real sever ( on tcpdump is :
> 16:35:08.103968 IP > S 
> 1718115488:1718115488(0) win 5840 <mss 1460,sackOK,timestamp 500867550 
> 0,nop,wscale 7>
> This shows source IP of the client and NOT from LVS.  I presume in NAT mode, 
> the source IP should be of the "nat router?"  From my understanding LVS 
> should have done the header masquerading?  I shouldn't have to use IPtables?  
> Please let me know what I have to do for this function to work?

There is a SNAT patch for LVS out on the Internet somewhere, but it is 
not supported by RedHat. With RHEL, none of the three (DR,NAT, TUN) 
mechanisms modify the source IP of the packets.

If you use LVS-NAT, you need to make sure the real server routes the 
packet back through the LVS director so the 'un-NAT' can happen 
correctly before the request goes back to the client.


Please read the documentation before posting - it's available at: mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to

<Prev in Thread] Current Thread [Next in Thread>