Hi Priscilla,
I'm building a small communicating process migration tool: you telnet a server from A; you checkpoint the process (execution and communication), migrate these checkpointed images from A to B; restore the process in B and everything stays the same as in A.

The main problem here is that IP has no mobility skills in its pure form.

The idea I had was to configure an alias for eth0, so my NIC can answer for two IPs: eth0 and eth0:0. For testing my tool, I'm using a small cluster with 6 nodes + front-end. So, only one node at a time has the eth0:0 up because this virtual interface is also migrated. For that, the connections would be identified by IP_telnetServer, IP_eth0:0; PORT_telnetServer, PORT_'eth0:0'.

But, as usual, all the traffic is routed through default gw route. All I wanted to do is build up a rule (by /sbin/route or by iptables) that forces traffic to go out through eth0:0. I realised that if I make all the traffic go out by eth0:0 and migrate eth0:0 some time later, I'll be screwing all other process' communication, right? So I thought about iptables. But all source IP mangling stuff is done with SNAT. To me, it's not useful because NAT rules are only checked for new connections. And I'm migrating a connection which, in theory, remains the same.

You can't route any traffic on a virtual interface in that sense - eth0:0 *is* eth0, it's just a work around for some tools that do not support multiple IPs per interface.

The nat table will see each connection only once, however, I assume (don't know!) that that's a conntrack thing, so in case your conntrack hasn't seen the packet yet, it will pass the nat.

So after this bla bla bla, the question is: how can I change source IP without using SNAT?

You can't. At least not using an unmodified iptables/netfilter.
Baltasar
--
Baltasar Cevc
_____ former 03 gmbh
_____ infanteriestraße 19 haus 6 eg
_____ D-80797 muenchen
_____ http://www.former03.de