Posted: Jan 10 2012, 12:33 PM
Member No.: 1186
Joined: 10-January 12
I want to find the right combination of iptables commands to address the following need:
- NEs are NATed through the Linux box (using iptables) towards the WAN cloud, where the NTP servers are situated.
- In order to achieve redundancy, the NTP servers are in a load-balancing cluster with one virtual IP address (172.30.4.245).
- The problem is that when the NEs request NTP updates using 172.30.4.245, the NTP response is received from one of the actual IP addresses (.200, .230, .240).
iptables is not allowing this flow, which is normal behaviour since the requested and responding addresses are not the same (172.30.4.245 vs 172.30.4.230):
Request : UDP 10.68.2.11:23445 ---> 172.30.4.245:123 (this is before NAT; after NAT the source is, of course, 10.23.14.72)
Response: UDP 172.30.4.230:123 ---> 10.23.14.72:23445 (response to the WAN address)
I'm wondering if there is any way to let iptables establish the UDP flow based only on the (s-port/d-port) regardless of the IP addresses, and execute the NAT back to the LAN based on that.
UDP/NTP is just an example; almost all the needed services are set up in the same way (load balancing in a cluster).
Appreciate your help!
Thanks & Regards
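As an added example that is not part of the original post, the following Python model shows why the stateful NAT described above drops the reply: conntrack records the expected reply tuple when the request leaves, and a packet from 172.30.4.230 does not match the entry created for 172.30.4.245. The addresses and ports are the ones quoted in the post; the "loose" port-only matching mode and the outside host 203.0.113.9 are constructed to show what relaxing the match would let through.

```python
"""Toy model of conntrack/SNAT reply matching for UDP (added example).

Simplified on purpose: no timeouts, no protocol helpers, one SNAT address.
The strict mode mirrors how conntrack keys a UDP flow on the full tuple;
the loose mode is a hypothetical port-only match, not an iptables feature.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# (src_ip, src_port, dst_ip, dst_port); every packet here is UDP.
Tuple4 = Tuple[str, int, str, int]


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def tuple4(self) -> Tuple4:
        return (self.src_ip, self.src_port, self.dst_ip, self.dst_port)


class NatRouter:
    """Source-NAT router with a conntrack table keyed on the reply tuple."""

    def __init__(self, wan_ip: str, strict: bool = True) -> None:
        self.wan_ip = wan_ip
        self.strict = strict  # False = hypothetical port-only matching
        # expected reply tuple (as it arrives on the WAN side) -> original LAN tuple
        self.table: Dict[Tuple4, Tuple4] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: rewrite the source and record the expected reply."""
        nat_pkt = Packet(self.wan_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        # conntrack expects the reply to come FROM the original destination IP
        expected_reply = (pkt.dst_ip, pkt.dst_port, self.wan_ip, pkt.src_port)
        self.table[expected_reply] = pkt.tuple4()
        return nat_pkt

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: un-NAT only if the packet matches a tracked flow.

        Returns the de-NATed packet, or None when the packet is dropped.
        """
        if self.strict:
            orig = self.table.get(pkt.tuple4())
        else:
            # Port-only matching ignores the peer IP, so ANY outside host that
            # hits the mapped WAN port gets forwarded into the LAN.
            orig = next(
                (o for (_, sport, dip, dport), o in self.table.items()
                 if (sport, dip, dport) == (pkt.src_port, pkt.dst_ip, pkt.dst_port)),
                None,
            )
        if orig is None:
            return None
        lan_src, lan_sport, _, _ = orig
        return Packet(pkt.src_ip, pkt.src_port, lan_src, lan_sport)


def run_scenario(strict: bool) -> Dict[str, Optional[Packet]]:
    """Replay the thread's NTP exchange through the router and collect results."""
    router = NatRouter("10.23.14.72", strict=strict)
    # Request as quoted in the post: NE -> cluster VIP, before NAT.
    router.outbound(Packet("10.68.2.11", 23445, "172.30.4.245", 123))
    return {
        # reply from the VIP itself: what conntrack was told to expect
        "reply_from_vip": router.inbound(Packet("172.30.4.245", 123, "10.23.14.72", 23445)),
        # reply from a real cluster member, as observed in the post
        "reply_from_real": router.inbound(Packet("172.30.4.230", 123, "10.23.14.72", 23445)),
        # constructed: an unrelated outside host aiming at the same mapped port
        "unsolicited": router.inbound(Packet("203.0.113.9", 123, "10.23.14.72", 23445)),
    }


if __name__ == "__main__":
    for mode in (True, False):
        print("strict" if mode else "loose", run_scenario(mode))
```

In strict mode only the reply from the VIP is un-NATed and delivered to 10.68.2.11; the reply from .230 is dropped exactly as the post describes. In the loose mode the real-server reply gets through, but so does the unsolicited packet from 203.0.113.9, which is why conntrack matches on the full tuple and why the fix belongs on the cluster side (replies sourced from the VIP) rather than in a weaker NAT match.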
Posted: Jan 11 2012, 04:20 PM
Member No.: 4
Joined: 8-April 11
1. nice nick
2. nice picture and description of problem
3. not sure about the rules you already have in place, but if I suppose a scenario where your Linux router has 2 NIC interfaces:
:eth0 == outside world (WAN)
:eth1 == inside world of LAN env.
:eth1 has the eth0 IP set up as gateway
:and also that packet forwarding is enabled in /etc/sysctl.conf
:and also that eth1 is set up as gateway on the LAN clients (desktops, other servers, whatever)
very roughly and very debatable, a few lines: