02.04.2015 19:05, Dmitry Melekhov wrote:
> 02.04.2015 18:17, Dennis Jacobfeuerborn wrote:
>> On 02.04.2015 06:22, Dmitry Melekhov wrote:
>>> 02.04.2015 01:58, Pascal Hambourg wrote:
>>>> Dmitry Melekhov wrote:
>>>>> I'm trying to do DNAT/SNAT on the same host with connmark and
>>>>> can't get it working.
>>>>> My host has static ip 192.168.22.252 and it can get address
>>>>> 192.168.22.99 from VRRP, so bind doesn't listen on 192.168.22.99,
>>>> Why not ?
>>> because there is no such address on the interface, it becomes available
>>> only at VRRP state change to master :-)
>> Have you tried using /proc/sys/net/ipv4/ip_nonlocal_bind? Then you could
>> bind to that address even if it isn't configured yet.
> Thank you very much, this helps :-)
> I didn't know about this option.
> Turned it on, changed bind to
> listen-on { 192.168.22.99; any; };
> and it works :-)
Hmm, tried this once again, and it doesn't work. Looks like this is a bind
problem; I guess I have to enumerate all interfaces and not use any,
but there are more than 10 interfaces on this server, and I'm too lazy ;-)
So, it looks like the only solution is to force rndc reconfigure on VRRP
state change, which I just implemented.
It's a pity this can't be solved by using netfilter.
Thank you!