|
On Sun, 13 Jan 2008, Raphael Vallazza wrote:
3. PREROUTING Intercept incoming connections before DNAT
and input filtering has been applied, this enables
transparent proxying on realnodes and localnode.
Raphael,
What's the best way of implementing F5-SNAT? All
packets must arrive at the realservers with src_addr=DIP.
Where should ipvs be hooked and where should the iptables
rules be to NAT the packets?
client: CIP->VIP:80
ipvs on LVS-NAT director: CIP->RIP:80
iptables rules on director (in POSTROUTING?) DIP->RIP:80
realserver: RIP:80->DIP
iptables rules on director RIP:80->CIP
ipvs on LVS-NAT director: VIP:80->CIP
client: gets packet VIP:80->CIP
Thanks
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
-
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
|
