LVS-NAT + SNAT is it impossible?

Paulo F. Andrade pfca at mega.ist.utl.pt
Fri Jul 14 14:48:58 BST 2006


I guess what you want is something along the lines of this:
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html#clients_on_LVS-NAT_realserver_contacting_services_on_VIP

Paulo F. Andrade 52439 at IST
mailto: pfca at mega.ist.utl.pt


On 2006/07/14, at 07:25, Josh Marshall wrote:

> Hi,
>
> Along similar lines to this I would like to know if it's possible  
> to allow realservers behind a LVS-NAT to access virtual servers.
>
> e.g. I have a pair of webservers and a pair of mailservers behind a  
> single LVS-NAT machine. When a webserver emails the mailserver  
> (hundreds of virtual domains so faking the dns would be a pain) it  
> is not able to connect via the external IP address.
>
> When I do a tcpdump I see that the request is going from the  
> webserver to the firewall then to the mailserver, but the path back  
> to the webserver is direct, and since it's the internal ip address  
> of the mailserver rather than the ip address of the VIP the  
> webserver doesn't recognise the reply.
>
> Is there some way I can get the firewall to SNAT so that  
> connections will go via the firewall correctly? I read somewhere  
> that I could use mark tables but couldn't quite piece it all together.
>
> Thanks,
> Josh
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> Send requests to lvs-users-request at LinuxVirtualServer.org
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
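
The packet path described in the quoted question, as a small model (an added example, not part of the original thread). All addresses, ports and function names are constructed for illustration; it shows why a realserver's connection to the VIP fails when the reply returns directly, and why rewriting the source to the director's internal IP keeps the reply on the director's path.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Constructed addresses (assumptions, not taken from the thread).
VIP = ip_address("203.0.113.10")      # virtual IP on the director
DIP = ip_address("192.168.1.1")       # director's internal IP, realservers' gateway
WEB = ip_address("192.168.1.11")      # webserver realserver, acting as client
MAIL = ip_address("192.168.1.21")     # mailserver realserver behind the VIP
LAN = ip_network("192.168.1.0/24")    # realserver subnet
OUTSIDE = ip_address("198.51.100.7")  # ordinary external client

Packet = namedtuple("Packet", "src sport dst dport")

def director_in(pkt, snat):
    """LVS-NAT rewrites VIP -> realserver; optionally rewrite source to DIP."""
    out = pkt._replace(dst=MAIL)
    return out._replace(src=DIP) if snat else out

def realserver_reply(pkt):
    """The realserver answers whatever source address it saw."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)

def deliver_reply(reply, original):
    """Return the reply as the client finally sees it."""
    if reply.dst == DIP:
        # Source was rewritten: reply reaches the director, which undoes both rewrites.
        return reply._replace(src=original.dst, dst=original.src)
    if reply.dst in LAN:
        # Same subnet: delivered directly, the director never sees it.
        return reply
    # Off-subnet: leaves via the default gateway (director), which restores the VIP.
    return reply._replace(src=original.dst)

def client_accepts(original, seen):
    """A TCP client only matches a reply whose 4-tuple mirrors what it sent."""
    return seen == Packet(original.dst, original.dport, original.src, original.sport)

def connect(client, snat=False):
    syn = Packet(client, 40000, VIP, 25)
    seen = deliver_reply(realserver_reply(director_in(syn, snat)), syn)
    return client_accepts(syn, seen), seen

if __name__ == "__main__":
    for label, client, snat in [("external client", OUTSIDE, False),
                                ("realserver, no SNAT", WEB, False),
                                ("realserver, SNAT to DIP", WEB, True)]:
        ok, seen = connect(client, snat)
        print(f"{label}: reply src={seen.src} accepted={ok}")
```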

