SNAT on the real server? sorry but I was thinking the SNAT is implemented by LVS, for the returned back packages.
Martin Wheldon wrote: > Hi, > > Yes, with the SNAT on the real server you should be fine. > > Best Regards > > Martin > > On 2015-02-02 10:12, Yonghua Peng wrote: >> Martin, >> >> What I meant is, the incoming packages implement DNAT by LVS, then >> forward to realserver. >> The outgoing packages implement SNAT, then forward to client. >> Since host A and B have the same VIP (managed by OSPF), after the >> SNAT, >> the packages seem to be from the same host. Client shouldn't drop >> them. >> >> Am I right? >> Thanks. >> >> >> Martin Wheldon wrote: >>> Hi, >>> >>> The DNAT would still need to be reversed. The client will otherwise >>> drop >>> the packet as it won't be from the host it started the connection >>> with. >>> >>> Best Regards >>> >>> Martin >>> >>> On 2015-02-02 09:59, Yonghua Peng wrote: >>>> If it's just a DNAT forwarding for the incoming packet, I don't >>>> think >>>> LVS host has to keep the status of the connection. >>>> I am probably wrong, just by curious. And I will test for it. >>>> >>>> Thanks. >>>> >>>> Martin Wheldon wrote: >>>>> Hi, >>>>> >>>>> Because there will be no entry in the NAT table on the second host >>>>> so >>>>> it won't know how to deal with the return packet. >>>>> >>>>> Best Regards >>>>> >>>>> Martin >>>>> >>>>> On 2015-02-02 09:06, Yonghua Peng wrote: >>>>>> Can you tell me why the realserver should use host A as the >>>>>> gateway? >>>>>> since host A and B have the same configure, and share the same >>>>>> VIP, >>>>>> I >>>>>> was thinking both A and B can be setup as the gateway. >>>>>> >>>>>> Thanks. >>>>>> >>>>>> Ivan Havlicek wrote: >>>>>>> No, if a transaction start via LVS host A, the realserver need >>>>>>> to >>>>>>> use >>>>>>> this host as gateway to respond. >>>>>>> This is the normal for a NAT. >>>>>> >>>>>> _______________________________________________ >>>>>> Please read the documentation before posting - it's available at: >>>>>> http://www.linuxvirtualserver.org/ >>>>>> >>>>>> LinuxVirtualServer.org mailing list - >>>>>> lvs-users@LinuxVirtualServer.org >>>>>> Send requests to lvs-users-requ...@linuxvirtualserver.org >>>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users >>>>>> >>>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Please read the documentation before posting - it's available at: >>>>> http://www.linuxvirtualserver.org/ >>>>> >>>>> LinuxVirtualServer.org mailing list - >>>>> lvs-users@LinuxVirtualServer.org >>>>> Send requests to lvs-users-requ...@linuxvirtualserver.org >>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users >>>>> >>>> >>>> _______________________________________________ >>>> Please read the documentation before posting - it's available at: >>>> http://www.linuxvirtualserver.org/ >>>> >>>> LinuxVirtualServer.org mailing list - >>>> lvs-users@LinuxVirtualServer.org >>>> Send requests to lvs-users-requ...@linuxvirtualserver.org >>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users >>>> >>>> >>> >>> >>> _______________________________________________ >>> Please read the documentation before posting - it's available at: >>> http://www.linuxvirtualserver.org/ >>> >>> LinuxVirtualServer.org mailing list - >>> lvs-users@LinuxVirtualServer.org >>> Send requests to lvs-users-requ...@linuxvirtualserver.org >>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users >>> >> >> _______________________________________________ >> Please read the documentation before posting - it's available at: >> http://www.linuxvirtualserver.org/ >> >> LinuxVirtualServer.org mailing list - >> lvs-users@LinuxVirtualServer.org >> Send requests to lvs-users-requ...@linuxvirtualserver.org >> or go to http://lists.graemef.net/mailman/listinfo/lvs-users >> >> !DSPAM:31,54cf4d55101351582769714! > > > _______________________________________________ > Please read the documentation before posting - it's available at: > http://www.linuxvirtualserver.org/ > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org > Send requests to lvs-users-requ...@linuxvirtualserver.org > or go to http://lists.graemef.net/mailman/listinfo/lvs-users > _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to lvs-users-requ...@linuxvirtualserver.org or go to http://lists.graemef.net/mailman/listinfo/lvs-users