Igor Zhbanov wrote: > Hello! > I have set-up four nodes system: two LVS load balancers (CentOS) and > two working nodes (openSUSE). > LVS nodes have global IPs, so they able to access the internet and > working nodes have only private IPs, so they cannot access internet > directly. I use NAT-base load balancing. > > Now I need to know how give working nodes ability to access the > internet? I ask this because I don't know how to write properly > iptables rules so LVS balancing packets will not conflict with working > nodes internet connections. Should I assign some IP-alias for default > gateway for that nodes or something else? You should read thru the LVS HowTo, more about LVS-NAT. There is no reason why your LVS load balancers can't also act as general NAT gateways, that's really what they're already doing. Just make sure your LVS-NAT gateways are masquerading internally initiated outbound traffic. I don't think you'll have a problem. Jed