Re: [lvs-users] Best way to use source NAT?

Julian Anastasov Sun, 08 Nov 2015 01:33:07 -0800

        Hello,

On Thu, 5 Nov 2015, Michael Schwartzkopff wrote:


> Hi,
> 
> I found several ways to implement source NAT on the LVS. What is the state of 
> the art way to do this? Using plain iptables or use the ipvs module of 
> iptables?
> 
> As far as I understood, with plain iptables, I need to enable 
> net.vs.conntrack?

        Yes, if Netfilter's conntrack is enabled the faster
option for IPVS is to also enable net.vs.conntrack [1]. It allows
stateful filtering (-m state) and iptables NAT. There is even
specific match for IPVS: net/netfilter/xt_ipvs.c (-m ipvs).

[1] http://marc.info/?t=134728825000003&r=1&w=2

Regards

--
Julian Anastasov <j...@ssi.bg>

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-requ...@linuxvirtualserver.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

Re: [lvs-users] Best way to use source NAT?

Reply via email to