[lvs-users] full-nat support in mainline kernel?

Jan Kasprzak kas at fi.muni.cz
Fri Feb 1 09:49:12 GMT 2013


Stefan Bauer wrote:
: according to the latest stable kernel and
: net/netfilter/ipvs/ip_vs_conn.c
: there is still no support for Full-NAT in the kernel, right? Or is this something I have to do in userland?

	What do you mean by Full-NAT? Is it similar to what you get when
you use a user-space reverse proxy? I was looking for this a month
ago - my real servers are on a different network than my IPVS redirector
and run a non-Linux OS, so things like tunnelling are hard to do there.

	I have discovered that using IPVS with the masq method and rewriting
the source address in iptables did exactly what I wanted. I use the
following configuration:

for ldirectord:

	real=realserver1:srvport masq 100
	real=realserver2:srvport masq 100
	[... scheduler and other parameters omitted for brevity ...]

for iptables:

iptables -t nat -A POSTROUTING -d realserver1 \
	-p tcp --dport srvport -j MASQUERADE
iptables -t nat -A POSTROUTING -d realserver2 \
	-p tcp --dport srvport -j MASQUERADE

Is this what you are looking for?


| Jan "Yenya" Kasprzak  <kas at {fi.muni.cz - work | yenya.net - private}> |
| New GPG 4096R/A45477D5 - see http://www.fi.muni.cz/~kas/pgp-rollover.txt |
| http://www.fi.muni.cz/~kas/    Journal: http://www.fi.muni.cz/~kas/blog/ |
Please don't top post and in particular don't attach entire digests to your
mail or we'll all soon be using bittorrent to read the list.     --Alan Cox
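
A consistency check for the setup described in the message above, as an added example that is not part of the original post: it lists every masq real server in an ldirectord configuration that has no matching source-rewriting rule in the output of "iptables -t nat -S POSTROUTING". The addresses, ports and both sample inputs are constructed, the function names are hypothetical, and real servers are assumed to be written as IPv4 address:port.

```sh
#!/bin/sh
# Constructed sample inputs; addresses and ports are made up for illustration.
LDIRECTORD_CF='virtual=192.0.2.10:80
    real=10.1.0.11:8080 masq 100
    real=10.1.0.12:8080 masq 100
    real=10.1.0.13:8080 gate 100'
# Shape of "iptables -t nat -S POSTROUTING" output.
NAT_RULES='-A POSTROUTING -d 10.1.0.11/32 -p tcp -m tcp --dport 8080 -j MASQUERADE
-A POSTROUTING -s 10.9.0.0/24 -o eth0 -j MASQUERADE'

# Print "host port" for each real server that uses the masq forwarding method.
masq_reals() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^real=/ && $2 == "masq" {
            sub(/^real=/, "", $1)
            split($1, hp, ":")
            print hp[1], hp[2]
        }'
}

# Print "host port" for each per-destination POSTROUTING rule that rewrites
# the source address (MASQUERADE or SNAT), i.e. rules of the form in the post.
# Broader rules (a subnet, or no --dport) are deliberately not counted.
snat_targets() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "POSTROUTING" {
            dst = ""; port = ""; nat = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-d") { dst = $(i + 1); sub(/\/32$/, "", dst) }
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-j" && $(i + 1) ~ /^(MASQUERADE|SNAT)$/) nat = 1
            }
            if (nat && dst != "" && port != "") print dst, port
        }'
}

# List host:port of masq real servers with no matching source-rewrite rule.
missing_snat_rules() {
    covered=$(snat_targets "$2")
    masq_reals "$1" | while read -r host port; do
        printf '%s\n' "$covered" | grep -Fxq -- "$host $port" ||
            printf '%s:%s\n' "$host" "$port"
    done
}

missing_snat_rules "$LDIRECTORD_CF" "$NAT_RULES"   # prints 10.1.0.12:8080
```

With the source rewritten this way, the real servers see the director's address rather than the client's, so their access logs no longer record client IPs.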
