Re: [lvs-users] full-nat support in mainline kernel?

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] full-nat support in mainline kernel?
From: Jan Kasprzak <kas@xxxxxxxxxx>
Date: Fri, 1 Feb 2013 11:22:38 +0100
Stefan Bauer wrote:
: -----Original Message-----
: From:  Jan Kasprzak <kas@xxxxxxxxxx>
: > for ldirectord:
: > 
: > virtual=virtualip:srvport
: >     real=realserver1:srvport masq 100
: >     real=realserver2:srvport masq 100
: >     [... scheduler and other parameters omitted for brevity ...]
: > 
: > for iptables:
: > 
: > iptables -t nat -A POSTROUTING -d realserver1 \
: >     -p tcp --dport srvport -j MASQUERADE
: > iptables -t nat -A POSTROUTING -d realserver2 \
: >     -p tcp --dport srvport -j MASQUERADE
: > 
: > Is this what you are looking for?
: 
: Well, a simple SNAT is what I want but I prefer to get
: it done by ipvsadm/ip_vs in Kernel. That's how I understood
: the implementation by Jiaming Wu and Jian Chen according to
: http://kb.linuxvirtualserver.org/wiki/IPVS_FULLNAT_and_SYNPROXY.

        From that page:

> The main principle is as follows: the module introduces local ip address
> (IDC internal ip address, lip), IPVS translates cip-vip to/from lip-rip,
> in which lip and rip both are IDC internal ip address, so that LVS load
> balancer and real servers can be in different vlans, and real servers
> only need to access internal network. See Virtual Server via Full NAT
> for more information.

        I think my configuration above does exactly this
(well, I have omitted "lip" address, using SNAT to a different address
instead of MASQUERADE would solve it).

: I just don't want to mess in userland with iptables manually.

        OK, understood. For me it was still better than installing
a reverse proxy for a single virtual service out of tens I already
serve using IPVS.

-Yenya

-- 
| Jan "Yenya" Kasprzak  <kas at {fi.muni.cz - work | yenya.net - private}> |
| New GPG 4096R/A45477D5 - see http://www.fi.muni.cz/~kas/pgp-rollover.txt |
| http://www.fi.muni.cz/~kas/    Journal: http://www.fi.muni.cz/~kas/blog/ |
Please don't top post and in particular don't attach entire digests to your
mail or we'll all soon be using bittorrent to read the list.     --Alan Cox
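
The variant mentioned in the reply above (SNAT to a dedicated local address instead of MASQUERADE), as an added example that is not part of the original message: the script validates its input and only prints the commands. The addresses are constructed documentation values, the function names are hypothetical, and the `net.ipv4.vs.conntrack` step assumes a kernel built with IPVS netfilter connection tracking.

```shell
#!/bin/sh
# Added example: prints (never executes) the rules that emulate full NAT for
# an IPVS "masq" service by SNATing to a fixed local address (lip).

valid_ipv4() {
    # Dotted quad with every octet in 0..255.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_fullnat_rules LIP PORT REALSERVER...
gen_fullnat_rules() {
    lip=$1; port=$2; shift 2
    valid_ipv4 "$lip" && valid_port "$port" || { echo "bad lip/port" >&2; return 1; }
    [ "$#" -ge 1 ] || { echo "no real servers given" >&2; return 1; }
    # Validate every real server first so a partial rule set is never printed.
    for rs in "$@"; do
        valid_ipv4 "$rs" || { echo "bad real server: $rs" >&2; return 1; }
    done
    # Assumption: IPVS connections must be visible to conntrack for the
    # nat-table POSTROUTING rules to apply to them.
    echo "sysctl -w net.ipv4.vs.conntrack=1"
    for rs in "$@"; do
        # Scope the rule to the real server and service port only.
        echo "iptables -t nat -A POSTROUTING -d $rs -p tcp --dport $port -j SNAT --to-source $lip"
    done
}

# Constructed sample: lip 192.0.2.10, service port 80, two real servers.
gen_fullnat_rules 192.0.2.10 80 198.51.100.11 198.51.100.12
```

With these rules the real servers see every connection as coming from the lip, so their logs no longer carry the client address.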
