Hi, I think he's talking about IPVS FULLNAT from this link :
http://kb.linuxvirtualserver.org/wiki/IPVS_FULLNAT_and_SYNPROXY Sébastien ROHAUT -----Message d'origine----- Hello, Stefan Bauer wrote: : according to latest stable kernel and : : net/netfilter/ipvs/ip_vs_conn.c [...] : there is still no support for Full-NAT in Kernel right? Or is this something i have to do in userland? What do you mean by Full-NAT? Is it similar to what you get when you use a user-space reverse proxy? I have been looking for this a month ago - my real servers are on a different network than my IPVS redirector and run a non-Linux OS, so things like tunnelling are hard to do there. I have discovered that using IPVS with masq method and rewriting the source address in iptables did exactly what I wanted. I use the following configuration: for ldirectord: virtual=virtualip:srvport real=realserver1:srvport masq 100 real=realserver2:srvport masq 100 [... scheduler and other parameters omitted for brevity ...] for iptables: iptables -t nat -A POSTROUTING -d realserver1 \ -p tcp --dport srvport -j MASQUERADE iptables -t nat -A POSTROUTING -d realserver2 \ -p tcp --dport srvport -j MASQUERADE Is this what you are looking for? -Yenya -- | Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net - | private}> | New GPG 4096R/A45477D5 - see http://www.fi.muni.cz/~kas/pgp-rollover.txt | | http://www.fi.muni.cz/~kas/ Journal: http://www.fi.muni.cz/~kas/blog/ | Please don't top post and in particular don't attach entire digests to your mail or we'll all soon be using bittorrent to read the list. --Alan Cox _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to lvs-users-requ...@linuxvirtualserver.org or go to http://lists.graemef.net/mailman/listinfo/lvs-users ------- Ce message et toutes les pièces jointes sont établis à l'intention exclusive de ses destinataires et sont confidentiels. L'intégrité de ce message n'étant pas assurée sur Internet, la SNCF ne peut être tenue responsable des altérations qui pourraient se produire sur son contenu. Toute publication, utilisation, reproduction, ou diffusion, même partielle, non autorisée préalablement par la SNCF, est strictement interdite. Si vous n'êtes pas le destinataire de ce message, merci d'en avertir immédiatement l'expéditeur et de le détruire. ------- This message and any attachments are intended solely for the addressees and are confidential. SNCF may not be held responsible for their contents whose accuracy and completeness cannot be guaranteed over the Internet. Unauthorized use, disclosure, distribution, copying, or any part thereof is strictly prohibited. If you are not the intended recipient of this message, please notify the sender immediately and delete it. _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to lvs-users-requ...@linuxvirtualserver.org or go to http://lists.graemef.net/mailman/listinfo/lvs-users
