Re: [vserver] Loopback issues

From: Philippe Teuwen <phil_at_teuwen.org>
Date: Fri 31 Aug 2007 - 13:47:55 BST
Message-ID: <46D80DFB.9050000@teuwen.org>

Jeff Williams wrote:
> Philippe Teuwen wrote:
>
>>> I added the rule:
>>>
>>> iptables -t nat -A PREROUTING -i eth0 -d 4.3.2.1 -j DNAT --to 1.2.3.5
>>>
>>>
>> Drop the interface option, internal vserver traffic doesn't come from
>> eth0.
>>
>> iptables -t nat -A PREROUTING -d 4.3.2.1 -j DNAT --to 1.2.3.5
>>
> Phil,
>
> This is what I am trying to achieve:
>
> Two vservers 1.2.3.4 and 1.2.3.5. Also an alias IP 4.3.2.1 for the
> 1.2.3.5 server.
>
> (1) Traffic from external to 4.3.2.1 should go to 1.2.3.5.
> (2) Traffic from 1.2.3.4 to 4.3.2.1 should be routed out to the default
> gateway.
>
> Dropping the interface option stuffs up (2).
>
Ok ok, I thought you had 2 smtp vservers on the same machine but actually
you want to load balance between two physically distinct machines
through your "default gateway" which does the balancing.

With iptables -t nat -A PREROUTING -i eth0 -d 4.3.2.1 -j DNAT --to 1.2.3.5
the int traffic goes directly to your host which has no service at port
25 and is dropping the packets.

If you want the packets from int vservers to physically leave the
machine via eth0,
try with the same iptables rule but do not assign IP 4.3.2.1 to the host
at all.

The load balancer knows the MAC of your host anyway and your host will
still receive ext packets and DNAT them, maybe you need to set the
ip_forward flag but I don't think so.

Now for int packets, 4.3.2.1 is totally unknown and ext gateway will be
used.

I hope...
Phil
Received on Fri Aug 31 13:48:13 2007
