Hi,
I need to modify the reply packets of one web server to allow
connections between a web server and a client using a load balancer.
The client connections go to a load balancer, the load balancer
forwards the connection to one web server, changing the destination IP,
and the web server answers the client with its own IP address without
passing through the load balancer again. In order to establish the
connection, the client needs to receive the web server's answer with the
correct IP address (in this case, the load balancer VIP address);
otherwise it receives an ACK that it doesn't know about and the
connection is not ESTABLISHED.
I've been doing some testing and it seems that iptables only does SNAT on NEW
connections, and I need to change the IP address of reply packets.
Does anybody know a workaround? If nobody knows a workaround, can
you confirm that it's not possible to do this with iptables?
I've tried the following iptables rule and it only works when I make NEW
connections from the web server.
-A POSTROUTING -o br0 -s WE_SERVER_ADDR -p tcp -m tcp --sport 80 --dport 1024:65535 -j SNAT --to-source LOAD_BALANCER_ADDR
Thanks in advance.
Isaac González