On Fri, September 5, 2008 12:01, Julius Volz wrote: > On Fri, Sep 5, 2008 at 6:01 PM, David Dyer-Bennet <[EMAIL PROTECTED]> wrote:
>> Documentation note: I've been reading "NAT" as referring to the other >> Linux network service in netfilter, rather than as a more generic use of >> the term. I'd suggest making this a bit clearer in the documentation -- >> that LVS NAT does NOT use the normal Linux NAT that people have mostly >> at >> least heard of. > > Might be a good idea (don't know who can do this, though)... Maybe I'll understand things well enough when I get this working to deal with it. I'm actually a pretty decent technical writer for a software engineer. I've thought enough grouchy things about the documentation this last month that it makes sense for me to try to get written some of the things I've wished existed along the way. >> Does it conflict with setting up regular NAT to support outbound >> connections originating from the realservers (such as to a database)? >> Does it block routing to external addresses other than through the NAT >> entries? And where can I see those entries (I don't see any way to list >> them with ipvsadm which is the only tool I know to talk to ip_vs). > > It shouldn't interfere much with non-IPVS things (others, correct me > if I'm wrong). If IPVS doesn't recognize a packet as belonging to an > IPVS connection/service, the packet is just processed as normal. Tried it. Seems to work like a charm; I can now ping and ssh out from the realservers, and incoming requests to the service address still get routed through correctly. If anybody knows some reason this is a bad idea do please mention it sooner rather than later though :-) ! (Specifically, I did "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" on the LVS host; eth0 connects to the corporate LAN, eth1 goes to the private LVS lan.) -- David Dyer-Bennet, [EMAIL PROTECTED]; http://dd-b.net/ Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/ Photos: http://dd-b.net/photography/gallery/ Dragaera: http://dragaera.info _______________________________________________ LinuxVirtualServer.org mailing list - [email protected] Send requests to [EMAIL PROTECTED] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
