Netfilter connection tracking support for IPVS
Nicklas Bondesson
nicklas.bondesson at mindping.com
Fri Feb 23 23:02:51 GMT 2007
> Is the SNAT rule working without NFCT patch?
>
> Regards
>
> --
> Julian Anastasov <ja at ssi.bg>
No, this is why got my hands on the patch in the first place.
I have scenarios like this:
Request:
CLIENT -> VIP[with_public_ip_1] -> A_REAL_SERVER[private_ip_1]
Response:
A_REAL_SERVER[private_ip_1] -> VIP[with_public_ip_1] -> CLIENT
---
Request:
CLIENT -> VIP[with_public_ip_2] -> A_REAL_SERVER[private_ip_2]
Response:
A_REAL_SERVER[private_ip_2] -> VIP[with_public_ip_2] -> CLIENT
I'm not sure if i'm beeing clear here, but in simple words: the same public
ip address that the client uses to connect to the LVS should be used as
source ip in the response to the client.
I have multiple public ip addresses that i need to source nat.
The firewall is on the same box as the director.
Any pointers?
Thanks,
Nicklas
Search lvs-users Archives
More information about the lvs-users
mailing list