IPVS & SNAT

Abdalla N. A. A. administrator at mistoclub.com
Mon Mar 6 19:01:02 GMT 2006


Hi all.

I have a IPVS (from 2.4.29 kernel, as module) configured for NAT mode. All 
works fine, but I need to set gw address on real servers to point to IPVS 
host.

I'd like to use SNAT rule on IPVS host to set source address for packets, 
going to real servers. It must be ip address of outgoing if, for real 
servers to reply correctly.

As far as I know, IPVS core doesn't return NAT packets back to iptables for 
further processing. So, I can't handle them in nat-POSTROUTE table.

I've tried NFCT patch (which is said to work with SNAT-reroute), but with no 
luck. nat/POSTROUTE table is simply ignored.

Then, I've digged into ip_vs_core.c. There are some functions, which handle 
NAT -output packets & return NF_STOLEN to iptables. I've tried to comment 
the code that sends packets directly & returned NF_ACCEPT. No luck.

Any ideas?

Thanks!



More information about the lvs-users mailing list