02.04.2015 18:17, Dennis Jacobfeuerborn пишет:
On 02.04.2015 06:22, Dmitry Melekhov wrote:
02.04.2015 01:58, Pascal Hambourg пишет:
Dmitry Melekhov a écrit :
I'm trying to do DNAT/SNAT on the same host with connmark and can't get
it working.
My host has static ip 192.168.22.252 and it can get address
192.168.22.99 from VRRP, so bind doesn't listen on 192.168.22.99,
Why not ?
because there is no such address on interface, it becomes available only
at VRRP state change to master :-)
Have you tried using /proc/sys/net/ipv4/ip_nonlocal_bind? Then you could
bind to that address even if it isn't configured yet.
Thank you very much, this helps :-)
I didn't know about this option.
Turned it on, changed bind to
listen-on { 192.168.22.99; any; };
and it works :-)
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
