IPFW and IPFWCMP (yes, on BSD)
Matthew Carpenter
matt
Mon May 17 11:39:31 PDT 2004
I have some questions for anyone with some IPFW/IPFWCMP experience.
NetFilter experience would be beneficial as well...
I have a BSDi box I'm trying to get to do some NAT-ing.
In Linux 2.4 the NetFilter code incorporated the NAT subsystem
previously requiring IP Route2 and/or queueing, etc... Could it be
possible that IPFW (since it is supposed to be so good) manages this as
well?
Here is the problem I am attempting to solve:
BigIP loadbalancers from F5 Networks, configured as a Router/LB machine
(as opposed to bridging). When accessing a Virtual IP (VIP) from one of
the machines behind the BigIP, I am handed off to another node on the
same subnet. That machine sees the Src address and attempts to respond
directly causing the triangle of death (the originating machine is
expecting a response from the Virtual IP, not the node's real address).
The BigIPs have a built-in NAT which will NAT the source address for
any traffic from specified nodes going through the BigIPs, solving
this problem but causing others...
I need to be able to control the NAT so that it only NATs traffic
which will go to another node on the same subnet.
In NetFilter I would do something like the following:
iptables -t nat -A POSTROUTING -s <HOST OR SUBNET> -d <Same Subnet> -j SNAT --to-source <some outside address to force routing>
Thanks for any assistance you might be able to give, I know that IPFW is
popular even on Linux, and I am hoping someone will be able to figure
out my NetFilter translation :)
Matt
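Added illustration, not part of Matt's post and not an IPFW answer to it: a small Python model of the selective source NAT his iptables rule expresses. It shows why a load-balanced reply that goes straight back to a neighbour on the same subnet is rejected (the "triangle of death"), and how rewriting the source only for same-subnet traffic forces the reply back through the translating box. All addresses, ports and the packet/flow representation are constructed for the example.

```python
"""Model of selective source NAT for same-subnet load-balanced traffic.

Constructed example: the subnet, VIP and NAT address below are placeholders,
and the LB/NAT box is modelled as plain Python, not as IPFW or NetFilter.
"""
import ipaddress
from dataclasses import dataclass, replace

# Constructed topology (RFC 5737 documentation ranges).
SUBNET = "10.0.0.0/24"       # nodes behind the load balancer
CLIENT = "10.0.0.10"         # node that connects to the VIP
NODE = "10.0.0.20"           # node the LB hands the connection to
VIP = "192.0.2.5"            # virtual IP the client talks to
NAT_SRC = "203.0.113.1"      # "--to-source" address owned by the LB


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


class SelectiveSnat:
    """Source-NAT only flows whose src AND dst both lie in `subnet`.

    This is the condition the post's rule encodes:
      -s <subnet> -d <same subnet> -j SNAT --to-source <nat_src>
    Traffic leaving the subnet is left untouched.
    """

    def __init__(self, subnet: str, nat_src: str, first_port: int = 40000):
        self.subnet = ipaddress.ip_network(subnet)
        self.nat_src = nat_src
        self.next_port = first_port
        # (nat_src, nat_port) -> (original src, original sport)
        self.table: dict[tuple[str, int], tuple[str, int]] = {}

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in self.subnet
                and ipaddress.ip_address(pkt.dst) in self.subnet)

    def outbound(self, pkt: Packet) -> Packet:
        """POSTROUTING direction: rewrite the source of matching packets."""
        if not self.matches(pkt):
            return pkt
        nat_port = self.next_port
        self.next_port += 1
        self.table[(self.nat_src, nat_port)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.nat_src, sport=nat_port)

    def inbound(self, pkt: Packet) -> Packet:
        """Reply direction: undo the translation using the flow table."""
        orig = self.table.get((pkt.dst, pkt.dport))
        if orig is None:
            return pkt
        return replace(pkt, dst=orig[0], dport=orig[1])


def simulate(snat_enabled: bool) -> bool:
    """Return True if the client sees the reply come back from the VIP."""
    snat = SelectiveSnat(SUBNET, NAT_SRC)

    # 1. Client opens a connection to the VIP.
    req = Packet(CLIENT, VIP, sport=51000, dport=80)

    # 2. LB picks NODE and rewrites the destination (the VIP's DNAT step).
    to_node = replace(req, dst=NODE)

    # 3. Optional source NAT before the packet leaves towards NODE.
    if snat_enabled:
        to_node = snat.outbound(to_node)

    # 4. NODE replies to whatever source address it saw.
    reply = Packet(NODE, to_node.src, sport=80, dport=to_node.sport)

    if ipaddress.ip_address(reply.dst) in ipaddress.ip_network(SUBNET):
        # Reply is addressed to a neighbour: it goes directly, bypassing the
        # LB, so the client receives it with NODE's real address as source.
        seen_by_client = reply
    else:
        # Reply is addressed to the LB: un-SNAT it, then restore the VIP as
        # the source (reverse of the DNAT in step 2) before forwarding.
        seen_by_client = replace(snat.inbound(reply), src=VIP)

    # The client only accepts a reply from the VIP on the socket it opened.
    return seen_by_client.src == VIP and seen_by_client.dport == req.sport


if __name__ == "__main__":
    print("without SNAT, reply accepted:", simulate(False))  # False
    print("with SNAT, reply accepted:   ", simulate(True))   # True
```

The model only translates when both endpoints are inside the subnet, which is the whole point of the post: traffic that already leaves the subnet needs no rewrite, and blanket NAT of every node would break things elsewhere.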