On Wed, 2011-03-09 at 15:18 -0800, George B. wrote:
> So, basically, I want to take an incoming packet, destination NAT to the
> desired real server, and source NAT the packet from a pool of IP addresses
> on the LVS to ensure the traffic gets routed back to it.
>
> Can LVS do that?

The source NAT would be iptables' job.

Sidestepping the question of iptables SNAT working with LVS connections, which is a general topic by itself, such "address pooling" can be done by making several iptables rules in the nat POSTROUTING chain, each of them matching by some criteria a subset of all traffic.

I use both of the following schemes, in an outbound (non-LVS) scenario: the first one where I want a real source to always be represented by a fixed specific changed source address, the second one where I want even a single source to use several outgoing source addresses randomly, per connection.

By source IP address, four-way, looking at the last two bits of the real source:

    -A POSTROUTING -s 0.0.0.0/0.0.0.3 -j SNAT --to-source 1.2.3.1
    -A POSTROUTING -s 0.0.0.1/0.0.0.3 -j SNAT --to-source 1.2.3.2
    -A POSTROUTING -s 0.0.0.2/0.0.0.3 -j SNAT --to-source 1.2.3.3
    -A POSTROUTING -s 0.0.0.3/0.0.0.3 -j SNAT --to-source 1.2.3.4

By IP ID, eight-way:

    -A POSTROUTING -m u32 --u32 0x2&7=0x0 -j SNAT --to-source 1.2.4.1
    -A POSTROUTING -m u32 --u32 0x2&7=0x1 -j SNAT --to-source 1.2.4.2
    -A POSTROUTING -m u32 --u32 0x2&7=0x2 -j SNAT --to-source 1.2.4.3
    -A POSTROUTING -m u32 --u32 0x2&7=0x3 -j SNAT --to-source 1.2.4.4
    -A POSTROUTING -m u32 --u32 0x2&7=0x4 -j SNAT --to-source 1.2.4.5
    -A POSTROUTING -m u32 --u32 0x2&7=0x5 -j SNAT --to-source 1.2.4.6
    -A POSTROUTING -m u32 --u32 0x2&7=0x6 -j SNAT --to-source 1.2.4.7
    -A POSTROUTING -m u32 --u32 0x2&7=0x7 -j SNAT --to-source 1.2.4.8

Hope this helps

Patrick
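
Added example, not part of the original message: a small Python model of the two match expressions above, showing which `--to-source` address a given packet would select. The header builder, function names and sample addresses are constructed for illustration; only the masks, the u32 expression and the pool addresses come from the rules in the message.

```python
import ipaddress
import struct

# Pools copied from the rules in the message above.
POOL_BY_SOURCE = ["1.2.3.1", "1.2.3.2", "1.2.3.3", "1.2.3.4"]
POOL_BY_IPID = ["1.2.4.%d" % n for n in range(1, 9)]


def ipv4_header(src, dst, ip_id, payload_len=0):
    """Build a constructed 20-byte IPv4 header (checksum left at zero)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + payload_len,   # version/IHL, TOS, total length (bytes 0-3)
        ip_id, 0,                    # identification, flags/fragment (bytes 4-7)
        64, 6, 0,                    # TTL, protocol (TCP), checksum
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )


def match_source(header, addr, mask):
    """-s addr/mask with a non-contiguous mask: (src & mask) == (addr & mask)."""
    src = int.from_bytes(header[12:16], "big")
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    return src & m == a & m


def match_u32(header, offset, mask, value):
    """--u32 offset&mask=value: read 4 bytes big-endian at offset, mask, compare.
    At offset 2 the word is total length (high 16 bits) + IP ID (low 16 bits),
    so a mask of 7 keeps only the low three bits of the IP ID."""
    word = int.from_bytes(header[offset:offset + 4], "big")
    return word & mask == value


def snat_by_source(header):
    """First matching rule wins, as in the four-way POSTROUTING list."""
    for n, to_source in enumerate(POOL_BY_SOURCE):
        if match_source(header, "0.0.0.%d" % n, "0.0.0.3"):
            return to_source


def snat_by_ipid(header):
    """First matching rule wins, as in the eight-way u32 list."""
    for n, to_source in enumerate(POOL_BY_IPID):
        if match_u32(header, 0x2, 7, n):
            return to_source
```

The nat table is consulted only for the first packet of a connection, so in the second scheme it is that packet's IP ID that fixes the source address for the whole connection.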
