LVS-NAT and packets originating from realserver

C. R. Oldham cro at ncacasi.org
Wed Aug 25 17:09:50 BST 2004


> Let's say you can figure out how to do this...
> 
> The replies coming from the machine on the internet will have dst_addr=VIP.
> The director will see the packets and since they aren't part of an
> established connection, they will be dropped.


You can do this with policy-based routing in the 2.6 series of kernels.
On my Debian realservers I have this in the /etc/networks/interfaces
file:

auto eth0 eth1
iface eth0 inet dhcp

iface eth1 inet static
   address 192.168.0.2
   netmask 255.255.255.0
   up ip route add 192.168.0.0 dev eth1 src 192.168.0.2 table lvs
   up ip route add default via 192.168.0.1 table lvs
   up ip rule add from 192.168.0.2 table lvs
   down ip rule delete from 192.168.0.2 table lvs
   down ip route delete 192.168.0.0 dev eth1 src 192.168.0.2 table lvs

And I have a table "lvs" in my iproute2/rt_tables file:

#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
1       inr.ruhep
80      lvs

It took me a long time and lots of googling to figure this out but it
works great.

--cro
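
Added example, not part of the original post or of the LVS project: a shell check that a realserver's source-based routing matches the setup described above (the lvs table is defined in rt_tables, a rule sends traffic from 192.168.0.2 to it, and its default route points at the expected gateway). The sample command outputs are constructed, the function names are hypothetical, and treating 192.168.0.1 as the director's address is an assumption.

```shell
#!/bin/sh
# Added example: audit a realserver's policy routing for LVS-NAT.
# The three samples are constructed; on a live host capture them with
#   cat /etc/iproute2/rt_tables; ip rule show; ip route show table lvs
RT_TABLES='255     local
254     main
# local
80      lvs'
IP_RULES='0: from all lookup local
32765: from 192.168.0.2 lookup lvs
32766: from all lookup main'
LVS_ROUTES='default via 192.168.0.1 dev eth1
192.168.0.0 dev eth1 scope link src 192.168.0.2'

# table_id NAME RT_TABLES_TEXT: print the numeric id, fail if undefined
table_id() {
    printf '%s\n' "$2" | awk -v n="$1" '
        $1 !~ /^#/ && $2 == n { print $1; found = 1 }
        END { exit !found }'
}

# rule_selects SRC NAME ID RULES_TEXT: succeed if a rule sends SRC to the
# table (iproute2 prints the name if it can resolve it, else the number)
rule_selects() {
    printf '%s\n' "$4" | awk -v s="$1" -v n="$2" -v i="$3" '
        $2 == "from" && $3 == s && $4 == "lookup" && ($5 == n || $5 == i) { ok = 1 }
        END { exit !ok }'
}

# default_gw ROUTES_TEXT: print the gateway of the table's default route
default_gw() {
    printf '%s\n' "$1" | awk '
        $1 == "default" && $2 == "via" { print $3; found = 1 }
        END { exit !found }'
}

# audit RIP GATEWAY TABLE RT_TABLES_TEXT RULES_TEXT ROUTES_TEXT
audit() {
    id=$(table_id "$3" "$4") || { echo "FAIL: table $3 not in rt_tables"; return 1; }
    rule_selects "$1" "$3" "$id" "$5" || { echo "FAIL: no rule from $1 to $3"; return 1; }
    gw=$(default_gw "$6") || { echo "FAIL: no default route in table $3"; return 1; }
    [ "$gw" = "$2" ] || { echo "FAIL: default via $gw, expected $2"; return 1; }
    echo "OK: traffic from $1 leaves via $2 (table $3/$id)"
}

audit 192.168.0.2 192.168.0.1 lvs "$RT_TABLES" "$IP_RULES" "$LVS_ROUTES"
```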


