Hello,
On Tue, 30 Jan 2001, Joseph Mack wrote:
> In a VS-NAT LVS, the incoming packets are NAT'ed (or
> whatever it's called) to the real-servers.
>
> The returning packets are NAT'ed (in the opposite sense)
> on the director by rules like
>
> ipchains -A forward -p tcp -j MASQ -s realserver1 telnet -d 0.0.0.0/0
>
> If there are several IP's on the outside of the director eg
>
> 192.168.2.1 eth0
> 192.168.2.110 eth0:1 (the VIP)
>
> how does the director know to make the src_addr = VIP
> for the outgoing packet?
>
> In general for a NAT box, how is the src_addr chosen for masqueraded
> packets, when there are several IPs on the outside of the NAT box.
The rule is simple: only the routing decides when outgoing
connections are created initiated from the NAT-ed servers. When LVS
creates connections to NAT-ed real servers the VIP is set as the
masquerading address.
How one can select specific source addresses for the
masquerading:
ip route add 10.0.0.0/24 brd + dev eth0 via uplink1 src SRCIP1
ip route add 10.0.1.0/24 brd + dev eth0 via uplink2 src SRCIP2
Source routing can't be used to select the maddr for the
connections initiated from the internal hosts. It will be ignored.
In this example, the SRCIP1 and SRCIP2 will be selected
according to the destination. This is for connections initiated from
the internal servers. LVS always assigns VIP as maddr.
So, the rule when using masquerading with many addresses
is to setup correctly the source addresses for each route. The
default value is usually the first interface address:
ip route
> Joe
Regards
--
Julian Anastasov <ja@xxxxxx>
|