SNAT / Masquerading problems using LVS-NAT

Julian Anastasov ja at ssi.bg
Thu Apr 19 00:06:47 BST 2007


	Hello,

On Wed, 18 Apr 2007, Rudd, Michael wrote:

> So I send my DNS query to my VIP on my directors. It gets routed to a
> realserver which I've attached the vip to bond1.201:0. According to
> others I've talked to I shouldn't need an iptables rule but I still
> don't see the packet out with the source ip address of the VIP. I see
> the packet with the source IP of the actual realserver. It's possible it
> is a routing issue though so I plan on digging deeper on that today. 

	For LVS-DR, the reply should be generated in the real server with src=VIP.
If you ask the question for LVS-NAT, then with OPS you will need the
iptables SNAT rule because IPVS does not recognize replies. But I have
never tested such a setup. Without OPS you don't need the iptables SNAT rule;
IPVS translates the source address.

> Should I need an iptables rule at all for LVS-DR? 

	No, the reply goes directly from the real server to the client.

Regards

--
Julian Anastasov <ja at ssi.bg>
