
I have an Ethernet card on a CentOS server. It has been configured:

eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 40:f2:e9:9b:b7:bb brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 10.54.19.255 scope global eth1
    inet 192.168.1.2/24 scope global secondary eth1
    inet6 fe80::42f2:e9ff:fe9b:b7bb/64 scope link

192.168.1.2 is a VIP (the virtual IP is created by keepalived).

I want to pass all traffic through the virtual IP (192.168.1.2), and the outgoing packets have to carry the VIP, not the real IP (192.168.1.1). I used iptables, but it's not working: the outgoing packets still carry the real IP, not the VIP. Here is the iptables command:

iptables -t nat -I POSTROUTING -d x.x.x.x -j SNAT --to 192.168.1.2
Andrew Schulman
LinhTran
  • What about this one "iptables -t nat -I POSTROUTING -o eth1 -j SNAT --to 192.168.1.2" (first delete your one above "iptables -t nat -D POSTROUTING -d x.x.x.x -j SNAT --to 192.168.1.2"). – tonioc Jan 28 '15 at 09:41
  • What routing mode are you using with keepalived (DR, NAT, TUN) ? – Xavier Lucas Jan 28 '15 at 14:30

1 Answer


Did you change your routing table? You need to add a route to the gateway with src 192.168.1.2, maybe. You can look at the routing table using iproute2:

ip route

If you have something like this:

default via 192.168.1.254 dev eth1

you can add a route to this address:

ip route add 192.168.1.254 dev eth1 src 192.168.1.2

or you can add a route to the subnet:

ip route add 192.168.1.0/24 dev eth1 src 192.168.1.2

Actually, the route to this subnet is already in your routing table, but with src IP address 192.168.1.1, so you have to delete that entry. The first thing to do is look at the routing table. Hope this helps a little.

AlexZ
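The routing-table check described in the answer above, as an added example that is not part of the original answer: a dry-run helper that reads `ip route show` output and prints the `ip route replace` commands that would set the VIP as preferred source on a device. It goes slightly beyond the answer by also covering the default route; the function name `vip_route_fixups` and the sample routing table (including the `eth0` line) are constructed for illustration.

```shell
#!/bin/sh
# Added example (dry run): nothing on the system is changed.
# Reads `ip route show` output on stdin; for every route on DEV whose
# preferred source is not VIP, prints an `ip route replace` command that
# keeps the route's other attributes and sets `src VIP`.
vip_route_fixups() {
    vip=$1 dev=$2
    awk -v vip="$vip" -v dev="$dev" '
    {
        on_dev = 0; src = ""; out = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "dev" && $(i+1) == dev) on_dev = 1
            # Remember the current src and drop it from the rebuilt route
            if ($i == "src") { src = $(i+1); i++; continue }
            out = out (out == "" ? "" : " ") $i
        }
        if (on_dev && src != vip)
            print "ip route replace " out " src " vip
    }'
}

# Constructed sample of `ip route show` output, modelled on the addresses
# in the question; on a live host use:  ip route show | vip_route_fixups ...
sample_routes='default via 192.168.1.254 dev eth1
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
10.0.0.0/8 dev eth0 proto kernel scope link src 10.0.0.5'

printf '%s\n' "$sample_routes" | vip_route_fixups 192.168.1.2 eth1

# After applying the printed commands, check which source the kernel picks:
#   ip route get <destination>
```

The `src` hint only applies to locally originated packets whose socket is not bound to a specific address, and `ip route get <destination>` shows which source the kernel will choose. A route with `src 192.168.1.2` can only exist while that address is configured on the host, so on a keepalived pair it has to be installed when the node holds the VIP.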