LVS-NAT and packets originating from realserver

C. R. Oldham cro at
Wed Aug 25 17:09:50 BST 2004

> Let's say you can figure out how to do this...
> The replies coming from the machine on the internet will have dst_addr=VIP.
> The director will see the packets and since they aren't part of an established
> connection, they will be dropped.

You can do this with policy-based routing in the 2.6 series of kernels.
On my Debian realservers I have this in the /etc/networks/interfaces:

auto eth0 eth1
iface eth0 inet dhcp

iface eth1 inet static
   up ip route add dev eth1 src table lvs
   up ip route add default via table lvs
   up ip rule add from table lvs
   down ip rule delete from table lvs
   down ip route delete dev eth1 src table lvs

And I have a table "lvs" in my iproute2/rt_tables file:

# reserved values
255     local
254     main
253     default
0       unspec
# local
1       inr.ruhep
80      lvs

It took me a long time and lots of googling to figure this out, but it
works great.
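
Added example, not part of the original message: the archived post has lost its addresses, so this sketch shows where each argument of the three `ip` commands would sit and checks that the "lvs" table is defined before using it. All addresses, the `/etc/iproute2/rt_tables` default path, and the helper names (`table_id`, `run`, `lvs_policy_up`, `lvs_policy_down`) are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed values; the post's own addresses are absent from the archive.
RIP=192.168.10.11        # realserver address on eth1 (assumed)
RIP_NET=192.168.10.0/24  # network shared with the director (assumed)
DIP=192.168.10.1         # director address used as gateway (assumed)
DEV=eth1
TABLE=lvs
RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}   # assumed location

# Print the numeric id of a named table, skipping comment lines.
# Returns non-zero when the name is not defined in the file.
table_id() {
    awk -v t="$1" '$1 !~ /^#/ && $2 == t { print $1; found = 1; exit }
                   END { exit !found }' "$2"
}

# Print the command when DRY_RUN=1 (the default), otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Source-based routing: packets whose source address is RIP consult table
# "lvs", whose default route points at the director. All other traffic
# keeps using the main table (here, the DHCP default learned on eth0).
lvs_policy_up() {
    table_id "$TABLE" "$RT_TABLES" >/dev/null || {
        echo "table '$TABLE' is not defined in $RT_TABLES" >&2
        return 1
    }
    run ip route add "$RIP_NET" dev "$DEV" src "$RIP" table "$TABLE"
    run ip route add default via "$DIP" table "$TABLE"
    run ip rule add from "$RIP" table "$TABLE"
}

# Undo in reverse order: remove the rule first, then the table's routes.
lvs_policy_down() {
    run ip rule delete from "$RIP" table "$TABLE"
    run ip route delete default via "$DIP" table "$TABLE"
    run ip route delete "$RIP_NET" dev "$DEV" src "$RIP" table "$TABLE"
}
```

Calling `lvs_policy_up` prints the commands; setting `DRY_RUN=0` and running as root applies them, after which `ip rule show` and `ip route show table lvs` list the result.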


