From: Dmitry Melekhov <dm@belkam.com>
To: Dennis Jacobfeuerborn <dennisml@conversis.de>
Cc: netfilter@vger.kernel.org
Subject: Re: connmark and nat
Date: Fri, 03 Apr 2015 08:03:34 +0400
Message-ID: <551E1116.4000101@belkam.com>
In-Reply-To: <551D5AC9.60300@belkam.com>

02.04.2015 19:05, Dmitry Melekhov wrote:
> 02.04.2015 18:17, Dennis Jacobfeuerborn wrote:
>> On 02.04.2015 06:22, Dmitry Melekhov wrote:
>>> 02.04.2015 01:58, Pascal Hambourg wrote:
>>>> Dmitry Melekhov wrote:
>>>>> I'm trying to do DNAT/SNAT on the same host with connmark and
>>>>> can't get
>>>>> it working.
>>>>>
>>>>> My host has static ip 192.168.22.252 and it can get address
>>>>> 192.168.22.99 from VRRP, so bind doesn't listen on 192.168.22.99,
>>>> Why not ?
>>> because there is no such address on interface, it becomes available
>>> only
>>> at VRRP state change to master :-)
>> Have you tried using /proc/sys/net/ipv4/ip_nonlocal_bind? Then you could
>> bind to that address even if it isn't configured yet.
>>
>>
> Thank you very much, this helps :-)
> I didn't know about this option.
> Turned it on, changed bind to
> listen-on { 192.168.22.99; any; };
>
> and it works :-)
>
>
Hmm, tried this once again, and it doesn't work. Looks like this is a bind
problem; I guess I have to enumerate all interfaces and not use any,
but there are more than 10 interfaces on this server, and I'm too lazy ;-)
So, it looks like the only solution is to force rndc reconfigure on VRRP state
change,
which I just implemented.
It's a great pity this can't be solved by using netfilter.
Thank you!