Herbert Poetzl wrote:

On Tue, Sep 06, 2005 at 07:04:46PM +0200, Yann Dupont wrote:

yes, the local table is _very_ special and entries there
are handled specially too ...

Yes I saw this... better not touch them I'm afraid :(

Is there someone here that has a slight idea how to solve that kind of
problem?

you might have a look at the thread around this one:

http://list.linux-vserver.org/archive/vserver/msg09838.html

Already done, but it doesn't work, alas. The problem is not when the first vserver emits the packets, but when the 2nd tries to reply to it. The general default route is on the administrative side (and I have tables where a packet emitted by the vserver from the @IP of the LVS side goes to the LVS).


And all my vservers have to be reachable on their internal network too - not from cluster (think ldap replication, for example)

I've tried since yesterday, playing with SNAT, DNAT, PREROUTING & POSTROUTING.
In fact what I really need is a SNAT on PREROUTING. Seems curious, but it can't be done ... :-) As this is a re-entrance of a connection, what is needed is really to change the source in case it matches a local @IP on the other interface. I hoped the mangle table could do this (instead of the nat table) but it doesn't seem possible.

It's probably a question for the netfilter list.

I think the final answer will be SNAT on POSTROUTING, but on the director (which is sad, because I'd like to keep all iptables things in the vservers' pre-start scripts).

Thanks for your answer,
Yann.

