The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.

17.7.1 Configuring Firewall Rules for Keepalived NAT-Mode Load Balancing

If you configure Keepalived to use NAT mode for load balancing with the servers on the internal network, the Keepalived server handles all inbound and outbound network traffic. It hides the existence of the back-end servers by rewriting the source IP address of the real back-end server in outgoing packets with the virtual IP address of the external network interface.

To configure a Keepalived server to use NAT mode for load balancing:

  1. Configure NAT mode (masquerading) on the external network interface, for example:

    # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # service iptables save

  2. If not already enabled for your firewall, configure forwarding rules between the external and internal network interfaces, for example:

    # iptables -A FORWARD -i eth0 -o eth1 -m state \
      --state RELATED,ESTABLISHED -j ACCEPT
    # iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
    # iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    # service iptables save

  3. Enable access to the services or ports that you want Keepalived to handle.

    For example, to enable access to HTTP and make this rule persist across reboots, enter the following commands:

    # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    # service iptables save
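
Because `-A` appends to the end of a chain, on a firewall that already ends in a catch-all REJECT or DROP the rules from steps 1 to 3 can land where they never match. The following check is an added example, not part of the Oracle procedure: the function name `check_nat_rules` and the sample ruleset are constructed for illustration, and the interface names and port are the ones used above.

```shell
# check_nat_rules EXT_IF INT_IF PORT: reads `iptables-save` text on stdin,
# prints one line per problem and returns 0 only when nothing is wrong.
check_nat_rules() {
    awk -v ext="$1" -v inn="$2" -v port="$3" '
    function has(s) { return index(rule, " " s " ") > 0 }
    function catchall() { return rule ~ / -j (REJECT|DROP) / && rule !~ / -[iosdp] / }
    /^\*/ { table = substr($0, 2); next }       # table header: *nat, *filter
    /^-A / {
        rule = $0 " "; pos = ++n[table, $2]       # position of the rule in its chain
        if (table == "nat" && $2 == "POSTROUTING" && has("-o " ext) && has("-j MASQUERADE"))
            masq = 1
        if (table != "filter") next
        if ($2 == "FORWARD") {
            if (has("-i " ext) && has("-o " inn) && rule ~ /ESTABLISHED/ && has("-j ACCEPT"))
                fwd_in = pos
            else if (has("-i " inn) && has("-o " ext) && has("-j ACCEPT"))
                fwd_out = pos
            else if (!fwd_stop && catchall())     # first unconditional REJECT/DROP
                fwd_stop = pos
        } else if ($2 == "INPUT") {
            if (!in_ok && has("--dport " port) && has("-j ACCEPT"))
                in_ok = pos
            else if (!in_stop && catchall())
                in_stop = pos
        }
    }
    END {
        if (!masq)    { print "missing: MASQUERADE on " ext; bad = 1 }
        if (!fwd_in)  { print "missing: RELATED,ESTABLISHED forward " ext " to " inn; bad = 1 }
        if (!fwd_out) { print "missing: forward " inn " to " ext; bad = 1 }
        if (!in_ok)   { print "missing: INPUT accept for tcp/" port; bad = 1 }
        if (fwd_stop && (fwd_stop < fwd_in || fwd_stop < fwd_out)) { print "shadowed: FORWARD accept after a catch-all REJECT/DROP"; bad = 1 }
        if (in_stop && in_stop < in_ok) { print "shadowed: INPUT accept after a catch-all REJECT/DROP"; bad = 1 }
        exit bad + 0
    }'
}
# Constructed sample in iptables-save format (not captured from a real host).
SAMPLE='*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'
printf '%s\n' "$SAMPLE" | check_nat_rules eth0 eth1 80 && echo "rules OK"
```

On a live Keepalived server, run `iptables-save | check_nat_rules eth0 eth1 80` as root after saving the rules.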