Hi,
I have been trawling around the internet and your archives to try and find a solution to a problem getting SNAT to work with LVS. I have managed to get LVS working with the below configuration, however it doesn't touch the iptables POSTROUTING table for the SNAT to take effect. To prove this I have used tcpdump and seen the SYN messages going to my real servers without being SNATted. I have also enabled iptables logging on POSTROUTING but not a single log message appears; the PREROUTING table can see all packets though.

I have seen similar questions in the mailing list but not a conclusive answer to get this working. I have also seen the guide on: http://blog.loadbalancer.org/enabling-snat-in-lvs-xt_ipvs-and-iptables/ which is basically what I have followed with my own IPs/ports, without the kernel/iptables compiling.

My basic configuration is:

    Fedora 16
    Kernel - 3.1.0-7.fc16.i686 - confirmed the xt_ipvs module is there
    Iptables - 1.4.12-2.fc16.i686
    Ipvsadm - 1.26-3.fc16.i686

I have configured 2 IPs as:

    192.168.20.1/24
    192.168.10.1/24

And run the following commands to configure the LVS/SNAT:

    iptables -F -v
    ipvsadm -A -t 192.168.20.1:2001 -s rr
    ipvsadm -a -t 192.168.20.1:2001 -r 192.168.10.100:80 -m
    iptables -t nat -A POSTROUTING -m ipvs --vaddr 192.168.20.1/24 --vport 2001 -j SNAT --to-source 192.168.10.1

iptables -t nat -L shows:

    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination

    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain POSTROUTING (policy ACCEPT)
    target prot opt source destination
    SNAT all - anywhere anywhere vaddr 192.168.20.0/24 vport 80 to:192.168.10.1

ipvsadm -ln displays:

    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port Forward Weight ActiveConn InActConn
    TCP 192.168.20.1:2001 rr
      -> 192.168.10.100:2001 Masq 1 0 0

I have attempted doing this using unused IP addresses, however it doesn't accept any connections on the virtual servers.

TCPDUMP shows:

    192.168.20.1 receiving the SYN
    The SYN being sent to 192.168.10.100 but the source still being 192.168.20.100

Thanks for your help

James
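Added example, not part of the original post: a Python check of two things the SNAT rule depends on, namely that the xt_ipvs match's vaddr/vport select a configured virtual service, and that the net.ipv4.vs.conntrack sysctl is 1 (the kernel's IPVS sysctl documentation says to enable it when IPVS-handled connections must also pass stateful netfilter rules). The sample text is constructed from the listings quoted above, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input, re-spaced from the listings quoted in the post.
IPVSADM_LN = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.20.1:2001 rr
  -> 192.168.10.100:2001          Masq    1      0          0
"""
RULE_TYPED = ("iptables -t nat -A POSTROUTING -m ipvs --vaddr 192.168.20.1/24 "
              "--vport 2001 -j SNAT --to-source 192.168.10.1")
RULE_LISTED = "SNAT all - anywhere anywhere vaddr 192.168.20.0/24 vport 80 to:192.168.10.1"

def read_conntrack(path="/proc/sys/net/ipv4/vs/conntrack"):
    """Return the sysctl value as text, or None if the file is absent."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None

def virtual_services(ipvsadm_ln):
    """Return (proto, address, port) for each virtual service in `ipvsadm -ln` text."""
    pat = re.compile(r"(TCP|UDP)\s+(\d+(?:\.\d+){3}):(\d+)\s")
    hits = (pat.match(line) for line in ipvsadm_ln.splitlines())
    return [(m[1], ipaddress.ip_address(m[2]), int(m[3])) for m in hits if m]

def ipvs_match(rule):
    """Extract (network, port) from an xt_ipvs match, as typed or as listed by -L."""
    vaddr = re.search(r"vaddr\s+(\S+)", rule)
    vport = re.search(r"vport\s+(\d+)", rule)
    net = ipaddress.ip_network(vaddr[1], strict=False) if vaddr else None
    return net, (int(vport[1]) if vport else None)

def check(rule, ipvsadm_ln, conntrack):
    """Return findings; an empty list means neither check found a problem."""
    findings = []
    if conntrack != "1":
        findings.append("net.ipv4.vs.conntrack is not 1")
    net, port = ipvs_match(rule)
    services = virtual_services(ipvsadm_ln)
    if not any((net is None or ip in net) and port in (None, p) for _, ip, p in services):
        findings.append(f"no virtual service matches vaddr {net} vport {port}")
    return findings

if __name__ == "__main__":
    print([check(r, IPVSADM_LN, read_conntrack()) for r in (RULE_TYPED, RULE_LISTED)])
```

On a live director, pass the output of `ipvsadm -ln` and the rule text in place of the embedded samples.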
