Problems with LVS+heartbeat+ldirectord+iptables w/ SNAT/DNAT
Ordway, Ryan
Ryan.Ordway at oregonstate.edu
Wed Jan 31 22:30:28 GMT 2007
> -----Original Message-----
> From: lvs-users-bounces at LinuxVirtualServer.org [mailto:lvs-users-
> bounces at LinuxVirtualServer.org] On Behalf Of Siim Põder
> Sent: Wednesday, January 31, 2007 4:37 AM
> To: LinuxVirtualServer.org users mailing list.
> Subject: Re: Problems with LVS+heartbeat+ldirectord+iptables w/ SNAT/DNA
> Ordway, Ryan wrote:
> >> But then, of course when I get a connection on 192.168.1.100, the
> >> director sends the packets to the real server, the real server shoots
> >> back its response, but the POSTROUTING rule rewrites the source to the
> >> "direct" IP, 192.168.1.3 instead of the load balanced IP. I just
> >> haven't figured out a simple way to change the SNAT address depending
> >> on the source of the initial communication, the virtual IP.
>
> Should be a fairly standard module:
>
> iptables -m conntrack --ctorigdst ...
>
> Helps?
Perhaps... would that work with SNAT? For example, if I did
iptables -A POSTROUTING -s 10.0.0.3 ! -d 10.0.0.0/24 -m conntrack --ctorigdst ! 192.168.1.100 -j SNAT --to-source 192.168.1.3
should that only perform the SNAT if the original destination is 192.168.1.100? Does the conntrack status survive when the packet goes off to 10.0.0.3 and comes back?
I've also tried using MARK to mark the packets destined for 192.168.1.100 and then using -m mark to exclude those packets from the SNAT, which doesn't seem to work either.
Any ideas?