Problems with LVS-NAT and direct routing to network behind LVS.....

Pawel Kisiel tecman at rally.ds4.agh.edu.pl
Wed Aug 29 20:48:34 BST 2001


On Wed, 29 Aug 2001, Zachariah Mully wrote:

> 	If I understand you correctly you have a route between the DMZ and your
> private internal network and the box with the LVS-NAT is routing both
> requests from the Internet (traffic that should be load balanced) and
> from the internal network (traffic that shouldn't be LB'ed). 
Yes, that's true...

> You need to read up on either your firewall rules or setup an internal DNS server to
> fix your problem as the problem isn't with the LVS, but with how you are
> NAT/Masq/Portfw'ing your external ips to the LB'ed RS'es.
I don't think so.... I don't need internal dns....I only need to get to
these machines by giving an ip address, nothing more...
	I'm using iptables right now...and I'm FORWARDing traffic between
 10.10.0.0/24 and 10.10.1.0/24 not Masquerading it or SNATing....just
ACCEPTing....
	but all traffic that should be directed to the internet is
SNATing....using POSTROUTING table....

> 	Since you don't mention what you're running (ipchains/iptables), I
> can't help you any further than to say this is a lot easier to do if
> you're running iptables on the director/router. With ipchains there
> isn't any way that I know of to do what you want.

	So You know now that I'm involved in iptables....so can You tell
me what to do in this situation?
	I want to achieve:
	-route between 10.10.0.0/24 and 10.10.1.0/24 with
all ports available(even these that are mapped on LVS to loadbalance the
resources)
	-other traffic coming from internet to my LVS-NAT box can reach 
my hidden resources in 10.10.1.0/24 on ports that I will configure...	
	-if it is possible also I would like to be able to connect from 
10.10.0.0/24 to LVS-NAT resources when I will try to connect to them using
 public ip addresses(like normal clients from internet do)...
 (probably I will still have this ability but I'm not 100% sure about
that)
 My diagram doesn't show that I have default gateway in 10.10.0.0/24 when I'm trying
to reach external ip addresses...    



	Thank You for any help in solving my problem...


Pawel Kisiel






