[H-GEN] Iptables DNAT and SNAT
Conor Cunningham
cunningtek at optusnet.com.au
Mon Oct 23 09:23:47 EDT 2006
Hi All,
I'm currently working on a project in Norway which involves a lot of
Linux boxes. The current setup is as follows.
Load Balancer (LVS) ----> Front End Machines -------> Back End Machines.
I am currently charged with directing TCP traffic, which arrives from
the load balancer to the front end on port 3717. I would like to get
this traffic to the back end machines on TCP port 3717 and then (this is
where I'm a bit stuck) back out to the load balancer.
Currently on the front end machines I have the following rule.
iptables -t nat -I PREROUTING -p tcp --dport 3717 -j DNAT --to-destination 192.168.2.181
192.168.2.181 (being the back end VIP)
Currently I cannot see any traffic getting to the back end machine, but
I'm sure that is something I can iron out myself (although, if one does
feel the need to enlighten me upon discovering an error, please put me
out of my misery). However, the question I would like to put to you is
the following:
Do I need an extra rule, perhaps a SNAT rule to get the traffic back
from the back end network (TCP 3717) to the load balancer via the front
end and to the client which will have sent the original TCP request?
Any help is greatly appreciated.
Cheers,
Conor
P.S. For those interested in cold weather, skiing and expensive beer,
Norway is currently struggling terribly to find skilled and highly
skilled Java programmers, Linux folk and Oracle nerds. There are plenty
of jobs going around and the language is no barrier.
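The question above is about the return path. DNAT in PREROUTING only rewrites the destination of the inbound packet; the connection-tracking table then reverses that translation on replies automatically, but only if the replies actually pass back through the front end. If the back end's default route does not point at the front end, the usual fix is a matching SNAT in POSTROUTING so the back end sees the front end as the source and sends its replies there, plus ip_forward and FORWARD rules to let the traffic through. The script below is an added example, not code from the original post; it assumes the 192.168.2.181 back-end VIP and port 3717 from the post, and the front end's back-end-side address (192.168.2.1) and interface (eth1) are placeholders. The rules are scoped to the service port and the back-end subnet so the front end does not become a general-purpose NAT box.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed values: the back-end VIP and service port come from the post;
# FRONT_LAN_IP and BACKEND_IF are placeholders for this illustration.
BACKEND_VIP=${BACKEND_VIP:-192.168.2.181}
SVC_PORT=${SVC_PORT:-3717}
FRONT_LAN_IP=${FRONT_LAN_IP:-192.168.2.1}   # assumption: front end's address on the back-end LAN
BACKEND_IF=${BACKEND_IF:-eth1}              # assumption: front end's interface toward the back end

# Emit the rule set as text so it can be reviewed before it is applied.
nat_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp --dport ${SVC_PORT} -j DNAT --to-destination ${BACKEND_VIP}:${SVC_PORT}
iptables -t nat -A POSTROUTING -o ${BACKEND_IF} -p tcp -d ${BACKEND_VIP} --dport ${SVC_PORT} -j SNAT --to-source ${FRONT_LAN_IP}
iptables -A FORWARD -p tcp -d ${BACKEND_VIP} --dport ${SVC_PORT} -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Sanity check: how many rules are scoped to the service port.
# DNAT, SNAT and the first FORWARD rule all carry --dport, so this should be 3.
count_port_rules() {
    nat_rules | grep -c -- "--dport ${SVC_PORT}"
}

# Apply only when explicitly requested (APPLY=1); otherwise just print the rules.
apply_nat_rules() {
    nat_rules | sh -e
}

if [ "${APPLY:-0}" = "1" ]; then
    apply_nat_rules
else
    nat_rules
fi
```

Run it without arguments to see the rules; run it with `APPLY=1` as root to install them. If the front end is the back end's default gateway, the POSTROUTING SNAT line is unnecessary (conntrack alone un-NATs the replies) and keeping the original client address visible to the back end is better for logging and access control. The LVS director has the same requirement one hop further out: in NAT mode the back-to-client replies must traverse the director, so the front end's default route should lead back through it.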