[lvs-users] full-nat support in mainline kernel?

ROHAUT Sébastien (EXT GFI) ext.gfi.sebastien.rohaut at sncf.fr
Fri Feb 1 09:56:25 GMT 2013


I think he's talking about IPVS FULLNAT from this link:


Sébastien ROHAUT

-----Original Message-----


Stefan Bauer wrote:
: according to latest stable kernel and
: net/netfilter/ipvs/ip_vs_conn.c
: there is still no support for Full-NAT in kernel, right? Or is this something I have to do in userland?

	What do you mean by Full-NAT? Is it similar to what you get when you use a user-space reverse proxy? I was looking for this a month ago - my real servers are on a different network than my IPVS redirector and run a non-Linux OS, so things like tunnelling are hard to do there.

	I have discovered that using IPVS with masq method and rewriting the source address in iptables did exactly what I wanted. I use the following configuration:

for ldirectord:

	real=realserver1:srvport masq 100
	real=realserver2:srvport masq 100
	[... scheduler and other parameters omitted for brevity ...]

for iptables:

iptables -t nat -A POSTROUTING -d realserver1 \
	-p tcp --dport srvport -j MASQUERADE
iptables -t nat -A POSTROUTING -d realserver2 \
	-p tcp --dport srvport -j MASQUERADE

Is this what you are looking for?


| Jan "Yenya" Kasprzak  <kas at {fi.muni.cz - work | yenya.net - private}> |
| New GPG 4096R/A45477D5 - see http://www.fi.muni.cz/~kas/pgp-rollover.txt |
| http://www.fi.muni.cz/~kas/    Journal: http://www.fi.muni.cz/~kas/blog/ |
Please don't top post and in particular don't attach entire digests to your
mail or we'll all soon be using bittorrent to read the list.     --Alan Cox
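
Added example, not part of the original posts: a shell helper that derives the POSTROUTING rules from the `real=` lines of an ldirectord config, so the two configurations quoted above stay in sync and only well-formed `masq` entries produce a rule. The sample config, its addresses and the function names `sample_cf` and `gen_masq_rules` are constructed for illustration; IPv6 real servers are not handled.

```sh
#!/bin/sh
# Constructed sample in the ldirectord.cf layout quoted above (placeholder names).
sample_cf() {
cat <<'EOF'
virtual=192.0.2.10:80
	real=realserver1:8080 masq 100
	real=realserver2:8080 masq 100
	real=realserver3:8080 gate 100
	# real=oldserver:8080 masq 100
	real=bad;host:8080 masq 1
	scheduler=wlc
EOF
}

# gen_masq_rules [tcp|udp]: read an ldirectord config on stdin and print one
# POSTROUTING MASQUERADE rule per distinct real server that uses "masq".
# Note: for nat rules to see IPVS-forwarded traffic the director may need
# net.ipv4.vs.conntrack=1 (kernel ipvs-sysctl documentation).
gen_masq_rules() {
	case "${1:-tcp}" in tcp|udp) ;; *) echo "bad protocol" >&2; return 2 ;; esac
	awk -v proto="${1:-tcp}" '
	/^[ \t]*#/ { next }                       # commented-out entries
	/^[ \t]*real[ \t]*=/ {
		sub(/^[ \t]*real[ \t]*=[ \t]*/, "")
		n = split($0, f, /[ \t]+/)
		if (n < 2 || f[2] != "masq") next     # only masq entries are covered
		if (split(f[1], hp, ":") != 2) next   # require host:port
		# Refuse anything that is not a plain host and port/service name,
		# since the output is meant to be fed to a shell.
		if (hp[1] !~ /^[A-Za-z0-9.-]+$/ || hp[2] !~ /^[A-Za-z0-9-]+$/) {
			print "skipped unsafe entry: " f[1] > "/dev/stderr"
			next
		}
		if (seen[f[1]]++) next                # one rule per host:port
		printf "iptables -t nat -A POSTROUTING -d %s -p %s --dport %s -j MASQUERADE\n", hp[1], proto, hp[2]
	}'
}

sample_cf | gen_masq_rules
```

Review the printed rules before loading them; with this setup the real servers see the director's address as the source of every connection, so client addresses have to be logged on the director.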
