|
Hi,
I think he's talking about IPVS FULLNAT from this link :
http://kb.linuxvirtualserver.org/wiki/IPVS_FULLNAT_and_SYNPROXY
Sébastien ROHAUT
-----Message d'origine-----
Hello,
Stefan Bauer wrote:
: according to latest stable kernel and
:
: net/netfilter/ipvs/ip_vs_conn.c
[...]
: there is still no support for Full-NAT in Kernel right? Or is this something
i have to do in userland?
What do you mean by Full-NAT? Is it similar to what you get when you
use a user-space reverse proxy? I have been looking for this a month ago - my
real servers are on a different network than my IPVS redirector and run a
non-Linux OS, so things like tunnelling are hard to do there.
I have discovered that using IPVS with masq method and rewriting the
source address in iptables did exactly what I wanted. I use the following
configuration:
for ldirectord:
virtual=virtualip:srvport
real=realserver1:srvport masq 100
real=realserver2:srvport masq 100
[... scheduler and other parameters omitted for brevity ...]
for iptables:
iptables -t nat -A POSTROUTING -d realserver1 \
-p tcp --dport srvport -j MASQUERADE
iptables -t nat -A POSTROUTING -d realserver2 \
-p tcp --dport srvport -j MASQUERADE
Is this what you are looking for?
-Yenya
--
| Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net -
| private}> | New GPG 4096R/A45477D5 - see
http://www.fi.muni.cz/~kas/pgp-rollover.txt |
| http://www.fi.muni.cz/~kas/ Journal: http://www.fi.muni.cz/~kas/blog/ |
Please don't top post and in particular don't attach entire digests to your
mail or we'll all soon be using bittorrent to read the list. --Alan Cox
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx Send
requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
-------
Ce message et toutes les pièces jointes sont établis à l'intention exclusive de
ses destinataires et sont confidentiels. L'intégrité de ce message n'étant pas
assurée sur Internet, la SNCF ne peut être tenue responsable des altérations
qui pourraient se produire sur son contenu. Toute publication, utilisation,
reproduction, ou diffusion, même partielle, non autorisée préalablement par la
SNCF, est strictement interdite. Si vous n'êtes pas le destinataire de ce
message, merci d'en avertir immédiatement l'expéditeur et de le détruire.
-------
This message and any attachments are intended solely for the addressees and are
confidential. SNCF may not be held responsible for their contents whose
accuracy and completeness cannot be guaranteed over the Internet. Unauthorized
use, disclosure, distribution, copying, or any part thereof is strictly
prohibited. If you are not the intended recipient of this message, please
notify the sender immediately and delete it.
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
