Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Linux Virtual Server>
  3. Users
[lvs-users] Best way to use source NAT?
ms at sys4
Nov 5, 2015, 12:30 AM
Post #1 of 2 (1107 views)
Permalink
Hi,

I found several ways to implement source NAT on the LVS. What is the state of
the art way to do this? Using plain iptables or use the ipvs module of
iptables?

As far as I understood, with plain iptables, I need to enable
net.vs.conntrack?

Mit freundlichen Grüßen,

Michael Schwartzkopff

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Attached Files:

Re: [lvs-users] Best way to use source NAT? [ In reply to ]
ja at ssi
Nov 8, 2015, 1:21 AM
Post #2 of 2 (1063 views)
Permalink
Hello,

On Thu, 5 Nov 2015, Michael Schwartzkopff wrote:

> Hi,
>
> I found several ways to implement source NAT on the LVS. What is the state of
> the art way to do this? Using plain iptables or use the ipvs module of
> iptables?
>
> As far as I understood, with plain iptables, I need to enable
> net.vs.conntrack?

Yes, if Netfilter's conntrack is enabled the faster
option for IPVS is to also enable net.vs.conntrack [1]. It allows
stateful filtering (-m state) and iptables NAT. There is even
specific match for IPVS: net/netfilter/xt_ipvs.c (-m ipvs).

[1] http://marc.info/?t=134728825000003&r=1&w=2

Regards

--
Julian Anastasov <ja@ssi.bg>

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal