Port redirection in LVS Localnode
ratz at drugphish.ch
Tue Jul 20 06:11:21 BST 2004
[please try to wrap your overly long lines in your emails next time]
> I have a configuration with only two machines that act both as directors and real servers (Localnode)
> With a Localnode configuration I already heard that you can't make port redirection/rewrite independently
> of the forwarding method (DR, TUN or NAT)
> I need port redirection because I want to offer
> a Virtual HTTP Service on port 80, and map this service
> to two real servers running Tomcat on port 8080 with
> an unprivileged account.
> Because LVS can't do redirection, I tried with an
> iptables DNAT rule in the PREROUTING CHAIN.
> iptables -t nat -A PREROUTING -p tcp -d VIP --dport 80 \
> -j DNAT --to VIP:8080
> This rule functions well for the traffic that is
> mapped to the local real server, but the traffic that
> goes to the other real server returns with source port
> 8080 to client (which causes a Reset of TCP connection
> by client). I probed this configuration with LVS/NAT
> and LVS/DR with forward_shared (source martians) patch.
If I understand you correctly, the other RS is a physically different
You need someone to do a port mapping for you on your back-path ;).
> Is it possible to do port redirection in a Localnode environment?
[First idea I had which probably doesn't work]
I don't know but what you could try is to add two rules:
[Internet] ----> eth0[director/node1]eth1 -----> eth0[node2]
Two DNAT rules:
# inbound: rewrite the destination port on the way in
iptables -t nat -A PREROUTING -i eth0 -p tcp -d $VIP --dport 80 \
-j DNAT --to $VIP:8080
# outbound: POSTROUTING only knows the output interface, so -o, not -i
iptables -t nat -A POSTROUTING -o eth0 -p tcp -d $CIP -s $RIP \
--sport 8080 -j SNAT --to-source $IP_of_eth0:80
The "problem" is that netfilter maintains a template table which is used
to lookup the n-tuple corresponding to your initial connection attempt
which was port-redirected. Of course the source port of the outgoing
packet is then not known which gives you little to no option of back
mapping the port.
What you could do is have a tcp forwarding tool on a local socket on
node2 which redirects traffic to the local socket on port 8080. There
are other possibilities, however I'm not sure if I understand your
current setup correctly.
HTH and best regards,
Roberto Nibali, ratz
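The user-space forwarder suggested above, as an added example (not code from the original thread): a small Python relay that accepts on the service port on node2 and proxies each connection to the unprivileged backend on 127.0.0.1:8080, so replies leave from port 80 and no reverse port mapping on the back-path is needed. The echo backend standing in for Tomcat, the ephemeral loopback ports used by demo(), and the drop_to_user step (bind port 80 as root, then run as the Tomcat account) are assumptions.

```python
import os
import pwd
import socket
import threading
from contextlib import suppress

def _pipe(src, dst):
    # Copy one direction until EOF, then half-close so the other direction can finish.
    with suppress(OSError):
        while data := src.recv(65536):
            dst.sendall(data)
    with suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def _relay(client, backend_addr):
    # One backend connection per client; both directions are relayed concurrently.
    with client, socket.create_connection(backend_addr) as backend:
        t = threading.Thread(target=_pipe, args=(backend, client), daemon=True)
        t.start()
        _pipe(client, backend)
        t.join()

def serve(listen_addr, handler, drop_to_user=None):
    # Bind first (port 80 needs root), then drop to the unprivileged Tomcat user (assumed).
    srv = socket.create_server(listen_addr)
    if drop_to_user and os.geteuid() == 0:
        pw = pwd.getpwnam(drop_to_user)
        os.setgid(pw.pw_gid)
        os.setuid(pw.pw_uid)
    def loop():
        with suppress(OSError):  # accept() fails once the listener is closed
            while True:
                conn, _ = srv.accept()
                threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv

def _echo(conn):
    # Constructed stand-in for Tomcat on 8080: echo the request back, then close.
    with conn:
        conn.sendall(b"".join(iter(lambda: conn.recv(65536), b"")))

def demo(request=b"GET / HTTP/1.0\r\n\r\n"):
    # Ephemeral loopback ports stand in for 80 and 8080 so this runs unprivileged.
    backend = serve(("127.0.0.1", 0), _echo)
    fwd = serve(("127.0.0.1", 0), lambda c: _relay(c, backend.getsockname()))
    with backend, fwd, socket.create_connection(fwd.getsockname()) as c:
        c.sendall(request)
        c.shutdown(socket.SHUT_WR)
        return b"".join(iter(lambda: c.recv(65536), b""))
```

On node2 this would be serve(("VIP", 80), lambda c: _relay(c, ("127.0.0.1", 8080)), drop_to_user="tomcat") started as root; the client then sees the reply come back from port 80.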