|
Hi,
Yes, with the SNAT on the real server you should be fine.
Best Regards
Martin
On 2015-02-02 10:12, Yonghua Peng wrote:
> Martin,
>
> What I meant is, the incoming packages implement DNAT by LVS, then
> forward to realserver.
> The outgoing packages implement SNAT, then forward to client.
> Since host A and B have the same VIP (managed by OSPF), after the
> SNAT,
> the packages seem to be from the same host. Client shouldn't drop
> them.
>
> Am I right?
> Thanks.
>
>
> Martin Wheldon wrote:
>> Hi,
>>
>> The DNAT would still need to be reversed. The client will otherwise
>> drop
>> the packet as it won't be from the host it started the connection
>> with.
>>
>> Best Regards
>>
>> Martin
>>
>> On 2015-02-02 09:59, Yonghua Peng wrote:
>>> If it's just a DNAT forwarding for the incoming packet, I don't
>>> think
>>> LVS host has to keep the status of the connection.
>>> I am probably wrong, just by curious. And I will test for it.
>>>
>>> Thanks.
>>>
>>> Martin Wheldon wrote:
>>>> Hi,
>>>>
>>>> Because there will be no entry in the NAT table on the second host
>>>> so
>>>> it won't know how to deal with the return packet.
>>>>
>>>> Best Regards
>>>>
>>>> Martin
>>>>
>>>> On 2015-02-02 09:06, Yonghua Peng wrote:
>>>>> Can you tell me why the realserver should use host A as the
>>>>> gateway?
>>>>> since host A and B have the same configure, and share the same
>>>>> VIP,
>>>>> I
>>>>> was thinking both A and B can be setup as the gateway.
>>>>>
>>>>> Thanks.
>>>>>
>>>>> Ivan Havlicek wrote:
>>>>>> No, if a transaction start via LVS host A, the realserver need
>>>>>> to
>>>>>> use
>>>>>> this host as gateway to respond.
>>>>>> This is the normal for a NAT.
>>>>>
>>>>> _______________________________________________
>>>>> Please read the documentation before posting - it's available at:
>>>>> http://www.linuxvirtualserver.org/
>>>>>
>>>>> LinuxVirtualServer.org mailing list -
>>>>> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>>>>> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>>>
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Please read the documentation before posting - it's available at:
>>>> http://www.linuxvirtualserver.org/
>>>>
>>>> LinuxVirtualServer.org mailing list -
>>>> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>>>> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>>
>>>
>>> _______________________________________________
>>> Please read the documentation before posting - it's available at:
>>> http://www.linuxvirtualserver.org/
>>>
>>> LinuxVirtualServer.org mailing list -
>>> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>>> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>
>>>
>>
>>
>> _______________________________________________
>> Please read the documentation before posting - it's available at:
>> http://www.linuxvirtualserver.org/
>>
>> LinuxVirtualServer.org mailing list -
>> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list -
> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
> !DSPAM:31,54cf4d55101351582769714!
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
