On 17/01/11 23:51, GMail Isaac Gonzalez wrote:
Hi,
I know that doing the NAT in the firewall will do the trick, but the
problem is that the "firewall and webserver" and the load balancer are
in different networks, so the webserver replies only go through the
firewall, and not through the load balancer. On the other hand the
load balancer isn't a Linux box, so I can't modify anything about
packets, moreover I can't do any kind of routing.
Slow down, read Gáspár's response again. Think particularly carefully
about what the SNAT lines are doing there.
I'm fairly sure the LB will be capable of it somehow. If not, you have a
nice heater to sit your feet on in winter.
As a giant hack you could also do SNAT on the device(s) receiving
packets from the LB such that the reply packets get routed back through
the LB.
On 17/01/11 11:38, Gáspár Lajos wrote:
Hi,
You should do all of the NAT-ing ON THE LOAD BALANCER:
    iptables -t nat -A PREROUTING -j DNAT -p tcp --dport 80 \
        --to-destination WEBSERVER1 (some load balancing options here)
    iptables -t nat -A PREROUTING -j DNAT -p tcp --dport 80 \
        --to-destination WEBSERVER2 (some load balancing options here)
    iptables -t nat -A POSTROUTING -j SNAT -p tcp --dport 80 -d WEBSERVER1 \
        --to-source BALANCER_IP_ON_WEBSERVER1_NET
    iptables -t nat -A POSTROUTING -j SNAT -p tcp --dport 80 -d WEBSERVER2 \
        --to-source BALANCER_IP_ON_WEBSERVER2_NET
But some other rules may be in effect....
Swifty
AYJ
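
What the SNAT lines in the rules above change, as an added example that is not part of the original thread: a toy model of one balancer doing DNAT with and without SNAT, tracing which way the webserver's reply travels. All addresses, the port and the names Balancer and round_trip are constructed for illustration; the firewall is assumed to pass the reply unchanged.

```python
# Constructed addresses from documentation ranges; none come from the thread.
CLIENT, CPORT = "198.51.100.7", 40000
VIP = "203.0.113.10"           # address the client connects to on the balancer
BALANCER_INSIDE = "10.0.1.1"   # plays BALANCER_IP_ON_WEBSERVER1_NET
WEBSERVER1 = "10.0.1.20"


class Balancer:
    """Toy NAT box: DNAT always, SNAT optional, with a conntrack-like table."""

    def __init__(self, snat):
        self.snat = snat
        self.conntrack = {}  # expected reply tuple -> tuple restored for the client

    def forward(self, pkt):
        src, sport, dst, dport = pkt
        new_src = BALANCER_INSIDE if self.snat else src       # POSTROUTING SNAT
        self.conntrack[(WEBSERVER1, dport, new_src, sport)] = (dst, dport, src, sport)
        return (new_src, sport, WEBSERVER1, dport)            # PREROUTING DNAT

    def reverse(self, reply):
        return self.conntrack[reply]


def round_trip(snat):
    """Return (reply_path, source_seen_by_webserver, reply_at_client, accepted)."""
    lb = Balancer(snat)
    src, sport, dst, dport = lb.forward((CLIENT, CPORT, VIP, 80))
    reply = (dst, dport, src, sport)          # webserver answers whoever it saw
    if reply[2] == BALANCER_INSIDE:
        path = "balancer"                     # on-link address: back to the balancer
        reply = lb.reverse(reply)             # both translations undone
    else:
        path = "firewall"                     # default route; balancer never sees it
    accepted = reply == (VIP, 80, CLIENT, CPORT)   # client only knows the VIP
    return path, src, reply, accepted


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "no SNAT", round_trip(snat))
```

The second field of the result shows the cost of the SNAT: the webserver sees the balancer's address as the source, so its access logs and any IP-based rules no longer see the real client.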