On Mon, 26 Nov 2007, Ben Hollingsworth wrote:

> I don't think this is a one-network NAT, as those subnets don't
> overlap.

I did have a quick look for this, but missed it. Thanks.

> However, I did set up a one-network LVS-NAT just last week
> that works fine. Our private network is a subset of our
> public network, with the real servers using the gateway
> VIP on the directors. The directors know nothing of SSH,
> yet if a client tries to SSH directly to the private IP of
> the real server, it succeeds, even though the packets take
> a circuitous return trip through the directors.

Hmm. So with redirects etc. off and the ipvsadm table still set up for one-network NAT (and no iptables or conntrack), a packet RIP->CIP sent to the default gw=VIP on the director is not NAT'ed on the director by the rules set up by ipvsadm, which would make the packet come out with src_addr=VIP and hence be refused by the client?

I'm trying to figure out what the director would think it's supposed to do with such a packet: forward it or NAT it? I guess it depends on who gets first dibs on the packet, the forwarding rules or the NAT rules. This must be easy enough to look up.

I wouldn't have said in the HOWTO that you couldn't connect directly CIP-RIP without having tested it. Maybe I flubbed the test. Maybe the behaviour is different using the netfilter framework for LVS, rather than the masquerading code back in the 2.0.x days when I ran the test.

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

_______________________________________________
LinuxVirtualServer.org mailing list - [email protected]
Send requests to [EMAIL PROTECTED] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
