[lvs-users] Help with LVS NAT and RHEL5.8

Malcolm Turnbull malcolm at loadbalancer.org
Thu Jul 26 18:43:41 BST 2012


Yes, David is right it is working as expected Full-NAT i.e. source IP
If you want the real servers/backend servers to have Internet access
as well then you will need an iptables masquerade rule or something
similar for the outgoing traffic.

LVS Half-Nat or SNAT is in mainline kernel, the old way of patching is
described here:

But to be honest if you want SNAT/proxy you'd be better off using
HAProxy which is well tested for that purpose...

On 26 July 2012 18:23, David Coulson <david at davidcoulson.net> wrote:
> On 7/26/12 12:40 PM, Liu, William wrote:
> > Hi,
> >
> > I have a problem with LVS NAT configuration where the packets do not look like they are being masqueraded by LVS. Here's my setup:
> >
> > LVS server has 3 interfaces: primary, nat_router, virtual IP
> > -primary
> > - nat router
> > - virtual IP, port 80
> >                  |---- (Real server)
> >
> > A client ( connects to on port 80 never gets a response back. What I see on Real server ( on tcpdump is:
> > 16:35:08.103968 IP > S 1718115488:1718115488(0) win 5840 <mss 1460,sackOK,timestamp 500867550 0,nop,wscale 7>
> >
> > This shows source IP of the client and NOT from LVS.  I presume in NAT mode, the source IP should be of the "nat router?"  From my understanding LVS should have done the header masquerading?  I shouldn't have to use IPtables?  Please let me know what I have to do for this function to work?
> There is a SNAT patch for LVS out on the Internet somewhere, but it is
> not supported by RedHat. With RHEL, none of the three (DR,NAT, TUN)
> mechanisms modify the source IP of the packets.
> If you use LVS-NAT, you need to make sure the real server routes the
> packet back through the LVS director so the 'un-NAT' can happen
> correctly before the request goes back to the client.
> David


Malcolm Turnbull.

Loadbalancer.org Ltd.
Phone: +44 (0)870 443 8779
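
The return-path requirement discussed in this thread (with LVS-NAT the real server must route replies back through the director so they can be un-NATed) can be checked on a real server as below. This is an added example, not part of the original messages; the function name, the addresses (RFC 5737 documentation range) and the sample routing tables are constructed assumptions.

```shell
#!/bin/sh
# Added example. All addresses are constructed (RFC 5737 documentation range).
DIRECTOR_NAT_IP="192.0.2.1"   # assumption: director's address on the real-server network

# check_return_path ROUTES DIRECTOR_IP
#   ROUTES is the text printed by `ip -4 route show` on the real server.
#   Returns 0 if the preferred default gateway is the director,
#           1 if it is another host (replies skip the un-NAT step),
#           2 if there is no default gateway at all.
check_return_path() {
    gw=$(printf '%s\n' "$1" | awk '
        $1 == "default" {
            via = ""; metric = 0              # a missing metric means 0
            for (i = 2; i < NF; i++) {
                if ($i == "via")    via = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            # the kernel prefers the default route with the lowest metric
            if (via != "" && (best == "" || metric < bestm)) {
                best = via; bestm = metric
            }
        }
        END { print best }')
    if [ -z "$gw" ]; then
        echo "FAIL: no default gateway, replies to remote clients cannot leave"
        return 2
    fi
    if [ "$gw" != "$2" ]; then
        echo "FAIL: default via $gw, replies bypass director $2 and are not un-NATed"
        return 1
    fi
    echo "OK: default via $gw, replies return through the director"
    return 0
}

# Constructed samples of `ip -4 route show` output.
ROUTES_OK='default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10'
ROUTES_BYPASS='default via 192.0.2.254 dev eth0
default via 192.0.2.1 dev eth0 metric 100
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10'
ROUTES_NONE='192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10'

check_return_path "$ROUTES_OK"     "$DIRECTOR_NAT_IP" || true
check_return_path "$ROUTES_BYPASS" "$DIRECTOR_NAT_IP" || true
check_return_path "$ROUTES_NONE"   "$DIRECTOR_NAT_IP" || true
```

On a live real server, pass `"$(ip -4 route show)"` as the first argument and the director's real-server-side address as the second.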
