LVS-NAT + SNAT is it impossible?

Josh Marshall josh at worldhosting.org
Fri Jul 14 07:25:24 BST 2006


Hi,

Along similar lines to this I would like to know if it's possible to 
allow realservers behind an LVS-NAT to access virtual servers.

e.g. I have a pair of webservers and a pair of mailservers behind a 
single LVS-NAT machine. When a webserver emails the mailserver (hundreds 
of virtual domains so faking the DNS would be a pain) it is not able to 
connect via the external IP address.

When I do a tcpdump I see that the request is going from the webserver 
to the firewall then to the mailserver, but the path back to the 
webserver is direct, and since it's the internal IP address of the 
mailserver rather than the IP address of the VIP the webserver doesn't 
recognise the reply.

Is there some way I can get the firewall to SNAT so that connections 
will go via the firewall correctly? I read somewhere that I could use 
mark tables but couldn't quite piece it all together.

Thanks,
Josh
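
The address mismatch described in the message above, traced as a small model. This is an added example, not part of the original post and not LVS code or configuration. All addresses and names are constructed, and the SNAT branch only models the rewrite the post asks about.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses for illustration; none come from the original post.
LAN = ip_network("10.0.0.0/24")
VIP = "203.0.113.10"    # virtual service address held by the director
DIRECTOR = "10.0.0.1"   # director's inside address, default gateway of the realservers
WEB = "10.0.0.11"       # realserver acting as the client
MAIL = "10.0.0.21"      # realserver that serves the VIP on port 25
NAMES = {DIRECTOR: "director", WEB: "web", MAIL: "mail"}


def receiver(dst_ip):
    """Host that receives a packet: the destination if on-link, else the gateway."""
    return dst_ip if ip_address(dst_ip) in LAN else DIRECTOR


def hairpin(snat):
    """Trace one SYN / SYN-ACK exchange; return (hops, accepted_by_web)."""
    hops = []

    def send(sender, pkt):
        to = receiver(pkt["dst"][0])
        hops.append((f"{NAMES[sender]}->{NAMES[to]}", pkt["src"], pkt["dst"]))
        return to

    # 1. The webserver connects to the VIP and will only accept replies from it.
    expected_peer = (VIP, 25)
    syn = {"src": (WEB, 40000), "dst": (VIP, 25)}
    send(WEB, syn)                      # VIP is off-link, so this reaches the director
    # 2. The director rewrites the destination (LVS-NAT), optionally the source too.
    syn["dst"] = (MAIL, 25)
    if snat:
        syn["src"] = (DIRECTOR, 40000)
    send(DIRECTOR, syn)
    # 3. The mailserver answers whatever source address it saw.
    reply = {"src": syn["dst"], "dst": syn["src"]}
    if send(MAIL, reply) == DIRECTOR:
        # Only a reply that passes through the director gets both rewrites undone.
        reply = {"src": (VIP, 25), "dst": (WEB, 40000)}
        send(DIRECTOR, reply)
    return hops, reply["src"] == expected_peer


if __name__ == "__main__":
    for snat in (False, True):
        hops, ok = hairpin(snat)
        print(f"SNAT={snat}: accepted={ok}")
        for hop in hops:
            print("   ", *hop)
```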
