I set up a virtual server using ipvsadm, with the 'masq' parm. I also set up a 'forward' chain to masquerade the packets going through the virtual server. The packets don't get masqueraded.

Part of the setup included:

    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo 1 > /proc/sys/net/ipv4/ip_always_defrag

Also, /etc/sysconfig/network is...

    NETWORKING=yes
    FORWARD_IPV4=yes
    DEFRAG_IPV4=yes
    HOSTNAME=hcom1.worldspan.com
    GATEWAY=172.17.1.250

ipvsadm shows...

    [root@hcom1 sysconfig]# ipvsadm
    IP Virtual Server version 0.8.3 (size=4096)
    Protocol LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port      Forward Weight ActiveConn InActConn
    TCP  172.17.206.209:1023 wlc
      -> 10.1.51.152:1350        Masq    2      0          0

My ipchains are...

    [root@hcom1 sysconfig]# ipchains -L forward
    Chain forward (policy ACCEPT):
    target  prot opt     source           destination  ports
    MASQ    tcp  ------  172.17.206.0/24  anywhere     1024:65535 -> any
    MASQ    udp  ------  172.17.206.0/24  anywhere     1024:65535 -> any

My internet client's ip is 172.17.206.91, and it connects to 172.17.206.209:1023 (s-172.17.206.91 d-172.17.206.209:1023). When the packet is forwarded and arrives at my 'real' server the source address in the packet STILL IS 172.17.206.91 (s-172.17.206.91 d-10.1.51.152:1350). The virtual server correctly forwarded the packet but didn't masquerade it!

I had to cancel a DEMO of Red Hat Linux Virtual Server with my company. This doesn't look good. Will you make this a high priority?

Thanks for your help!

Bobby Moore
Project Engineer
WORLDSPAN
bobby.moore
*** Bug 9032 has been marked as a duplicate of this bug. ***
What I need is the capability to masquerade the source address of a packet destined for a real server, using ipchains. The problem is that any inbound packets from a client to real servers are bypassing the FORWARD chain, going from the INPUT chain to LVS to the OUTPUT chain. Masquerading the source address of the packet, as well as the destination packet (done by LVS) is what I need.
I have exchanged email with the customer on several occasions. He also has subscribed to the LVS mailing list and now has a greater understanding of LVS and MASQ than when this problem was first logged. Customer has agreed that this bug report can be closed.
Here is the last email exchange:

> MASQ works for me from an 'inside-to-outside network' perspective. That's
> because traffic from real servers to the outside goes through the 'forward'
> chain of ipchains, while traffic from the outside to real servers doesn't.
> I've learned a lot during this experiment. Thanks for your feedback.
>
> Go ahead and close the bug report. Thanks.
>
> Bobby Moore Worldspan
> Phone: 770.563.7362 Fax: 770.563.6406
> bobby.moore