James R. Leu wrote:
For locally originated connections that do not bind to an interface you can use the SNAT target of iptables.

    iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.3

There's another problem with using the cluster IP for the outgoing address: if it fails over in the middle of a connection, the other node will start getting packets for a connection that doesn't exist on that node.
First, the default iptables rules: "accept established" won't let them through since it's not "established" on the new node. If you get around that, client software isn't there or isn't in the state to process those packets.
Dima
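
A simplified Python model of the failover case described in the reply above, added here as an illustration and not part of the original thread. The `Node` class, node names, port numbers and peer address are hypothetical; only 192.168.1.3 comes from the quoted command.

```python
# Simplified model (added example): per-node connection tracking and sockets.
# Addresses other than 192.168.1.3 are constructed sample values.
from dataclasses import dataclass, field

CLUSTER_IP = "192.168.1.3"  # SNAT source address from the quoted command


@dataclass
class Node:
    name: str
    conntrack: set = field(default_factory=set)  # flows this node's firewall has seen
    sockets: set = field(default_factory=set)    # flows with a local process attached
    accept_untracked: bool = False               # True = "get around" the default rule

    def connect(self, sport, dst, dport):
        """Originate a connection from the cluster IP; state lives only on this node."""
        flow = (CLUSTER_IP, sport, dst, dport)
        self.conntrack.add(flow)
        self.sockets.add(flow)
        return flow

    def receive_reply(self, flow):
        """Handle a reply packet for `flow` arriving at whoever holds the cluster IP."""
        if flow not in self.conntrack and not self.accept_untracked:
            return "dropped: not ESTABLISHED on " + self.name
        if flow not in self.sockets:
            return "rejected: no socket on " + self.name
        return "delivered on " + self.name


def failover_demo():
    node_a, node_b = Node("node-a"), Node("node-b")
    flow = node_a.connect(40000, "198.51.100.10", 443)  # constructed peer address
    before = node_a.receive_reply(flow)      # node-a still holds the cluster IP
    after = node_b.receive_reply(flow)       # cluster IP moved to node-b mid-connection
    node_b.accept_untracked = True           # firewall relaxed, but still no client state
    relaxed = node_b.receive_reply(flow)
    return before, after, relaxed


if __name__ == "__main__":
    for outcome in failover_demo():
        print(outcome)
```
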
