Hi, The SNAT could be configured on either the LVS node or the real server.
Best Regards Martin On 2015-02-02 10:29, Yonghua Peng wrote: > SNAT on the real server? > sorry but I was thinking the SNAT is implemented by LVS, for the > returned back packages. > > Martin Wheldon wrote: >> Hi, >> >> Yes, with the SNAT on the real server you should be fine. >> >> Best Regards >> >> Martin >> >> On 2015-02-02 10:12, Yonghua Peng wrote: >>> Martin, >>> >>> What I meant is, the incoming packages implement DNAT by LVS, then >>> forward to realserver. >>> The outgoing packages implement SNAT, then forward to client. >>> Since host A and B have the same VIP (managed by OSPF), after the >>> SNAT, >>> the packages seem to be from the same host. Client shouldn't drop >>> them. >>> >>> Am I right? >>> Thanks. >>> >>> >>> Martin Wheldon wrote: >>>> Hi, >>>> >>>> The DNAT would still need to be reversed. The client will >>>> otherwise >>>> drop >>>> the packet as it won't be from the host it started the connection >>>> with. >>>> >>>> Best Regards >>>> >>>> Martin >>>> >>>> On 2015-02-02 09:59, Yonghua Peng wrote: >>>>> If it's just a DNAT forwarding for the incoming packet, I don't >>>>> think >>>>> LVS host has to keep the status of the connection. >>>>> I am probably wrong, just by curious. And I will test for it. >>>>> >>>>> Thanks. >>>>> >>>>> Martin Wheldon wrote: >>>>>> Hi, >>>>>> >>>>>> Because there will be no entry in the NAT table on the second >>>>>> host >>>>>> so >>>>>> it won't know how to deal with the return packet. >>>>>> >>>>>> Best Regards >>>>>> >>>>>> Martin >>>>>> >>>>>> On 2015-02-02 09:06, Yonghua Peng wrote: >>>>>>> Can you tell me why the realserver should use host A as the >>>>>>> gateway? >>>>>>> since host A and B have the same configure, and share the same >>>>>>> VIP, >>>>>>> I >>>>>>> was thinking both A and B can be setup as the gateway. >>>>>>> >>>>>>> Thanks. >>>>>>> >>>>>>> Ivan Havlicek wrote: >>>>>>>> No, if a transaction start via LVS host A, the realserver need >>>>>>>> to >>>>>>>> use >>>>>>>> this host as gateway to respond. >>>>>>>> This is the normal for a NAT. >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Please read the documentation before posting - it's available >>>>>>> at: >>>>>>> http://www.linuxvirtualserver.org/ >>>>>>> >>>>>>> LinuxVirtualServer.org mailing list - >>>>>>> lvs-users@LinuxVirtualServer.org >>>>>>> Send requests to lvs-users-requ...@linuxvirtualserver.org >>>>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Please read the documentation before posting - it's available >>>>>> at: >>>>>> http://www.linuxvirtualserver.org/ >>>>>> >>>>>> LinuxVirtualServer.org mailing list - >>>>>> lvs-users@LinuxVirtualServer.org >>>>>> Send requests to lvs-users-requ...@linuxvirtualserver.org >>>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users >>>>>> >>>>> >>>>> _______________________________________________ >>>>> Please read the documentation before posting - it's available at: >>>>> http://www.linuxvirtualserver.org/ >>>>> >>>>> LinuxVirtualServer.org mailing list - >>>>> lvs-users@LinuxVirtualServer.org >>>>> Send requests to lvs-users-requ...@linuxvirtualserver.org >>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users >>>>> >>>>> >>>> >>>> >>>> _______________________________________________ >>>> Please read the documentation before posting - it's available at: >>>> http://www.linuxvirtualserver.org/ >>>> >>>> LinuxVirtualServer.org mailing list - >>>> lvs-users@LinuxVirtualServer.org >>>> Send requests to lvs-users-requ...@linuxvirtualserver.org >>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users >>>> >>> >>> _______________________________________________ >>> Please read the documentation before posting - it's available at: >>> http://www.linuxvirtualserver.org/ >>> >>> LinuxVirtualServer.org mailing list - >>> lvs-users@LinuxVirtualServer.org >>> Send requests to lvs-users-requ...@linuxvirtualserver.org >>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users >>> >>> >> >> >> _______________________________________________ >> Please read the documentation before posting - it's available at: >> http://www.linuxvirtualserver.org/ >> >> LinuxVirtualServer.org mailing list - >> lvs-users@LinuxVirtualServer.org >> Send requests to lvs-users-requ...@linuxvirtualserver.org >> or go to http://lists.graemef.net/mailman/listinfo/lvs-users >> > > _______________________________________________ > Please read the documentation before posting - it's available at: > http://www.linuxvirtualserver.org/ > > LinuxVirtualServer.org mailing list - > lvs-users@LinuxVirtualServer.org > Send requests to lvs-users-requ...@linuxvirtualserver.org > or go to http://lists.graemef.net/mailman/listinfo/lvs-users > > !DSPAM:31,54cf5115101352002713398! _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to lvs-users-requ...@linuxvirtualserver.org or go to http://lists.graemef.net/mailman/listinfo/lvs-users