Hello,
Stefan Bauer wrote:
: according to latest stable kernel and
:
: net/netfilter/ipvs/ip_vs_conn.c
[...]
: there is still no support for Full-NAT in Kernel right? Or is this something
i have to do in userland?
What do you mean by Full-NAT? Is it similar to what you get when
you use a user-space reverse proxy? I have been looking for this a month
ago - my real servers are on a different network than my IPVS redirector
and run a non-Linux OS, so things like tunnelling are hard to do there.
I have discovered that using IPVS with masq method and rewriting
the source address in iptables did exactly what I wanted. I use the
following configuration:
for ldirectord:
virtual=virtualip:srvport
real=realserver1:srvport masq 100
real=realserver2:srvport masq 100
[... scheduler and other parameters omitted for brevity ...]
for iptables:
iptables -t nat -A POSTROUTING -d realserver1 \
-p tcp --dport srvport -j MASQUERADE
iptables -t nat -A POSTROUTING -d realserver2 \
-p tcp --dport srvport -j MASQUERADE
Is this what you are looking for?
-Yenya
--
| Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net - private}> |
| New GPG 4096R/A45477D5 - see http://www.fi.muni.cz/~kas/pgp-rollover.txt |
| http://www.fi.muni.cz/~kas/ Journal: http://www.fi.muni.cz/~kas/blog/ |
Please don't top post and in particular don't attach entire digests to your
mail or we'll all soon be using bittorrent to read the list. --Alan Cox
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-requ...@linuxvirtualserver.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
