Shorewall users - Oct 2012 - masq rules for LVS

Hi,

I need some special masq rules to allow internal servers to resolve public
IP''s which are loadbalanced by LVS - the rule are:

iptables -t nat -A POSTROUTING -m ipvs --vaddr <LVS PUBLIC IP>/32 --vport
80 -j SNAT --to-source <LVS INTERNAL IP>

Also I need to enable:

echo 1 > /proc/sys/net/ipv4/vs/conntrack 

Currently I do all this from /etc/shorewall/started - but is there a nice way to
configure this in shorewall?

Thanks

Regards
Kristoffer


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct

On 10/23/2012 12:50 AM, Kristoffer Egefelt wrote:
> Hi,
>
> I need some special masq rules to allow internal servers to resolve public
IP''s which are loadbalanced by LVS - the rule are:
>
> iptables -t nat -A POSTROUTING -m ipvs --vaddr <LVS PUBLIC IP>/32
--vport 80 -j SNAT --to-source <LVS INTERNAL IP>
>
> Also I need to enable:
>
> echo 1 > /proc/sys/net/ipv4/vs/conntrack
>
> Currently I do all this from /etc/shorewall/started - but is there a nice
way to configure this in shorewall?
There is currently no LVS support in Shorewall, so what you are doing is 
the best available way.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct