On Thursday 10 April 2008 17:00:49 Jason Stubbs wrote: > On Wednesday 09 April 2008 23:27:24 Joseph Mack NA3T wrote: > > On Wed, 9 Apr 2008, Jason Stubbs wrote: > > > The best I can come up with is to apply the patch from below and then > > > run squid on the director. Is there a better way that I'm not seeing? > > > > this is as good as it gets. LVS wasn't designed to do this. > > It would be nice to have, but we don't have it. > > Moving ip_vs_in to the end of POSTROUTING and moving ip_vs_out to the start > of PREROUTING as in the attached patch seems to work and lets me do what I > want. LVS-NAT and SNAT are working both independently and in conjunction to > allow connections to VIPs from anywhere.
Well, SNAT works independently and LVS-NAT works in conjuction with SNAT but LVS-NAT isn't working on its own. I'll look into this and try and fix it, but the questions below still stand. :) > I haven't tested LVS-DR, LVS-TUN or localnode (although I think localnode > should still work) and am not so worried if they don't work. Are there any > other issues likely to arise with this patch? Is there any reason why LVS > didn't hook into (or near) those places in the first place? > > I understand that it'll likely never be accepted because it'd break pretty > much every existing installation (VIP on an interface would not make it to > IPVS)... I'm just wondering if there's any gotchas I might not be seeing > before I decided to put it into production. -- Jason Stubbs <[EMAIL PROTECTED]> LINKTHINK INC. 東京都渋谷区桜ヶ丘町22-14 N.E.S S棟 3F TEL 03-5728-4772 FAX 03-5728-4773 _______________________________________________ LinuxVirtualServer.org mailing list - [email protected] Send requests to [EMAIL PROTECTED] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
