Re: [PATCH] Runtime interception method switch

To:	Joseph Mack NA3T <jmack@xxxxxxxx>
Subject:	Re: [PATCH] Runtime interception method switch
Cc:	LVS Devel <lvs-devel@xxxxxxxxxxxxxxx>
From:	Raphael Vallazza <raphael@xxxxxxxxxx>
Date:	Mon, 14 Jan 2008 09:39:48 +0100

I think this has nothing to with the input method, it's more a problemof the *xmit* function. Packets for realservers don't seem to flowthrough the SNAT chain, this way it's not possible to change thesource IP.

This could probably be implemented either by letting the packets flowthrough the iptables/SNAT (it seems that the patch on http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.non-modified_realservers.htmldoes this), or to implement SNAT in the IPVS/NAT method.


Raphael

Am 13.01.2008 um 18:59 schrieb Joseph Mack NA3T:

On Sun, 13 Jan 2008, Raphael Vallazza wrote:
3. PREROUTING Intercept incoming connections before DNAT and inputfiltering has been applied, this enables transparent proxying onrealnodes and localnode.
Raphael,
What's the best way of implementing F5-SNAT? All packets mustarrive at the realservers with src_addr=DIP. Where should ipvs behooked and where should the iptables rules be to NAT the packets?
client: CIP->VIP:80

ipvs on LVS-NAT director: CIP->RIP:80

iptables rules on director (in POSTROUTING?) DIP->RIP:80

realserver: RIP:80->DIP

iptables rules on director RIP:80->CIP

ipvs on LVS-NAT director: VIP:80->CIP

client: gets packet VIP:80->CIP

Thanks Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
-
To unsubscribe from this list: send the line "unsubscribe lvs-devel"in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


--

:: e n d i a n
:: open source - open minds

:: raphael vallazza
:: phone +39 0471 631763  :: fax +39 0471 631764
:: http://www.endian.com  :: raphael (AT) endian.com

-
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

<Prev in Thread]	Current Thread	[Next in Thread>
[PATCH] Runtime interception method switch, Raphael Vallazza Re: [PATCH] Runtime interception method switch, Joseph Mack NA3T Re: [PATCH] Runtime interception method switch, Raphael Vallazza <= Re: [PATCH] Runtime interception method switch, Joseph Mack NA3T Re: [PATCH] Runtime interception method switch, Simon Horman Re: [PATCH] Runtime interception method switch, Joseph Mack NA3T Re: [PATCH] Runtime interception method switch, Simon Horman Re: [PATCH] Runtime interception method switch, Janusz Krzysztofik Re: [PATCH] Runtime interception method switch, Raphael Vallazza Re: [PATCH] Runtime interception method switch, Simon Horman Re: [PATCH] Runtime interception method switch, Joseph Mack NA3T Re: [PATCH] Runtime interception method switch, Simon Horman Re: [PATCH] Runtime interception method switch, Joseph Mack NA3T

Previous by Date:	Re: [PATCH] Runtime interception method switch, Joseph Mack NA3T
Next by Date:	Re: [PATCH] Runtime interception method switch, Joseph Mack NA3T
Previous by Thread:	Re: [PATCH] Runtime interception method switch, Joseph Mack NA3T
Next by Thread:	Re: [PATCH] Runtime interception method switch, Joseph Mack NA3T
Indexes:	[Date] [Thread] [Top] [All Lists]