On Tue, Sep 29, 2009 at 16:51, Simon Horman <horms@xxxxxxxxxxxx> wrote: > On Tue, Sep 29, 2009 at 02:35:15PM +0200, Hannes Eder wrote: >> The following series implements full NAT support for IPVS. The >> approach is via a minimal change to IPVS (make friends with >> nf_conntrack) and adding a netfilter matcher, kernel- and user-space >> part, i.e. xt_ipvs and libxt_ipvs. > > Its a bit late in the day for me to review the code, but I have a few > quick comments. > >> >> Example usage: >> >> % ipvsadm -A -t 192.168.100.30:80 -s rr >> % ipvsadm -a -t 192.168.100.30:80 -r 192.168.10.20:80 -m >> # ... >> >> # Source NAT for VIP 192.168.100.30:80 >> % iptables -t nat -A POSTROUTING -m ipvs --vaddr 192.168.100.30/32 \ >> > --vport 80 -j SNAT --to-source 192.168.10.10 >> >> or SNAT-ing only a specific real server: >> >> % iptables -t nat -A POSTROUTING --dst 192.168.11.20 \ >> > -m ipvs --vaddr 192.168.100.30/32 -j SNAT --to-source 192.168.10.10 > > If the iptables rule is not in place does LVS just use > its old NAT behaviour? Yes, without iptables rules LVS NAT does DNAT. >> First of all, thanks for all the feedback. This is the changelog for v2: >> >> - Make ip_vs_ftp work again. Setup nf_conntrack expectations for >> related data connections (based on Julian's patch see >> http://www.ssi.bg/~ja/nfct/) and let nf_conntrack/nf_nat do the >> packet mangling and the TCP sequence adjusting. >> >> This change rises the question how to deal with ip_vs_sync? Does it >> work together with conntrackd? Wild idea: what about getting rid of >> ip_vs_sync and piggy packing all on nf_conntrack and use conntrackd? >> >> Any comments on this? > > That sounds like a reasonable suggestion. > > I think that ip_vs_sync came along before conntrackd > and no one has given much thought to merging the functionality. Okay, I'll dig further in this direction. Cheers, -Hannes -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
