Hi, Yes, with the SNAT on the real server you should be fine.
Best Regards Martin On 2015-02-02 10:12, Yonghua Peng wrote: > Martin, > > What I meant is, the incoming packages implement DNAT by LVS, then > forward to realserver. > The outgoing packages implement SNAT, then forward to client. > Since host A and B have the same VIP (managed by OSPF), after the > SNAT, > the packages seem to be from the same host. Client shouldn't drop > them. > > Am I right? > Thanks. > > > Martin Wheldon wrote: >> Hi, >> >> The DNAT would still need to be reversed. The client will otherwise >> drop >> the packet as it won't be from the host it started the connection >> with. >> >> Best Regards >> >> Martin >> >> On 2015-02-02 09:59, Yonghua Peng wrote: >>> If it's just a DNAT forwarding for the incoming packet, I don't >>> think >>> LVS host has to keep the status of the connection. >>> I am probably wrong, just by curious. And I will test for it. >>> >>> Thanks. >>> >>> Martin Wheldon wrote: >>>> Hi, >>>> >>>> Because there will be no entry in the NAT table on the second host >>>> so >>>> it won't know how to deal with the return packet. >>>> >>>> Best Regards >>>> >>>> Martin >>>> >>>> On 2015-02-02 09:06, Yonghua Peng wrote: >>>>> Can you tell me why the realserver should use host A as the >>>>> gateway? >>>>> since host A and B have the same configure, and share the same >>>>> VIP, >>>>> I >>>>> was thinking both A and B can be setup as the gateway. >>>>> >>>>> Thanks. >>>>> >>>>> Ivan Havlicek wrote: >>>>>> No, if a transaction start via LVS host A, the realserver need >>>>>> to >>>>>> use >>>>>> this host as gateway to respond. >>>>>> This is the normal for a NAT. >>>>> >>>>> _______________________________________________ >>>>> Please read the documentation before posting - it's available at: >>>>> http://www.linuxvirtualserver.org/ >>>>> >>>>> LinuxVirtualServer.org mailing list - >>>>> lvs-users@LinuxVirtualServer.org >>>>> Send requests to lvs-users-requ...@linuxvirtualserver.org >>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users >>>>> >>>>> >>>> >>>> >>>> _______________________________________________ >>>> Please read the documentation before posting - it's available at: >>>> http://www.linuxvirtualserver.org/ >>>> >>>> LinuxVirtualServer.org mailing list - >>>> lvs-users@LinuxVirtualServer.org >>>> Send requests to lvs-users-requ...@linuxvirtualserver.org >>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users >>>> >>> >>> _______________________________________________ >>> Please read the documentation before posting - it's available at: >>> http://www.linuxvirtualserver.org/ >>> >>> LinuxVirtualServer.org mailing list - >>> lvs-users@LinuxVirtualServer.org >>> Send requests to lvs-users-requ...@linuxvirtualserver.org >>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users >>> >>> >> >> >> _______________________________________________ >> Please read the documentation before posting - it's available at: >> http://www.linuxvirtualserver.org/ >> >> LinuxVirtualServer.org mailing list - >> lvs-users@LinuxVirtualServer.org >> Send requests to lvs-users-requ...@linuxvirtualserver.org >> or go to http://lists.graemef.net/mailman/listinfo/lvs-users >> > > _______________________________________________ > Please read the documentation before posting - it's available at: > http://www.linuxvirtualserver.org/ > > LinuxVirtualServer.org mailing list - > lvs-users@LinuxVirtualServer.org > Send requests to lvs-users-requ...@linuxvirtualserver.org > or go to http://lists.graemef.net/mailman/listinfo/lvs-users > > !DSPAM:31,54cf4d55101351582769714! _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to lvs-users-requ...@linuxvirtualserver.org or go to http://lists.graemef.net/mailman/listinfo/lvs-users