Netfilter connection tracking support for IPVS

Julian Anastasov - Sep 6, 2003

CONTENTS:

1. Install on Linux 2.4.23 and next 2.4/2.6 kernels
2. Install on Linux 2.4.22 with IPVS 1.0.10
3. Usage


1. Install on Linux 2.4.23 and next 2.4/2.6 kernels

IPVS is included in 2.4.23, so only ipvs-nfct-2.4.23-1.diff is needed:

        cd linux
        patch -p1 < ../ipvs-nfct-2.4.23-1.diff

Patches for later kernels:

        2.4.26  ipvs-nfct-2.4.26-1.diff
        2.6.5   ipvs-nfct-2.6.5-1.diff

- enable the CONFIG_IP_VS_NFCT option: 'Netfilter connection tracking'


2. Install on Linux 2.4.22 with IPVS 1.0.10

- patch your 2.4.22 kernel with ipvs-1.0.10-nfct-2.4.22-1.diff; it
  exports some kernel functions that the NFCT support needs
- apply all other patches the kernel needs, as specified in the IPVS
  README file
- build your kernel

For modules:

- apply ipvs-1.0.10-nfct-1.diff to IPVS 1.0.10
- enable the CONFIG_IP_VS_NFCT support in ipvs/Makefile, look for
  "Enable NFCT support here:"

For in-kernel build:

- install IPVS into your kernel source tree as usual
- enable the CONFIG_IP_VS_NFCT option: 'Netfilter connection tracking'

Example steps to build IPVS into kernel 2.4.22 (the linux/ and
ipvs-1.0.10/ directories are siblings, with the diffs in their parent):

        # patch IPVS:
        tar xfz ipvs-1.0.10.tar.gz
        cd ipvs-1.0.10/
        cat ../ipvs-1.0.10-nfct-1.diff | patch -p1
        # in Makefile fix KERNELSOURCE to point to the right linux source tree

        # patch the kernel
        cd ../linux/
        cat ../ipvs-1.0.10-nfct-2.4.22-1.diff | patch -p1

        # install IPVS in the kernel tree
        cd ../ipvs-1.0.10/
        make patchkernel
        make installsource

        # reconfigure and build the kernel
        cd ../linux
        make menuconfig
        # Now you may want to select the IPVS 'Netfilter connection tracking'
        # option, after enabling Netfilter's
        # 'Connection tracking (required for masq/NAT)' support


3. Usage

The conntrack support is useful for LVS-NAT setups, and for the non-NAT
forwarding methods when the forward_shared flag is used to let the real
servers use the director as their default gateway. This way the conntrack
state is also updated correctly in the reply direction.

- for LVS-NAT with ip_vs_ftp make sure you have ip_conntrack_ftp loaded
- load your modules as usual
- enable the NFCT support at run time:

        echo 1 > /proc/sys/net/ipv4/vs/conntrack

- enable SNAT rerouting for IPVS traffic (optional, useful for source
  based routing; in fact not related to this NFCT support):

        echo 1 > /proc/sys/net/ipv4/vs/snat_reroute

- configure your IPVS services as usual
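As an added example, not part of this README or of the IPVS sources: a small POSIX sh helper for the build and usage steps above. It checks a kernel .config for the options the procedure needs, checks a module list for the ip_vs_ftp/ip_conntrack_ftp pairing, and applies the /proc/sys/net/ipv4/vs settings. CONFIG_IP_NF_CONNTRACK and CONFIG_IP_NF_FTP are the assumed names of Netfilter's conntrack and FTP helper options (the page itself names only CONFIG_IP_VS_NFCT); the sysctl root argument of enable_nfct is an assumption added so the function can be tried on a scratch directory.

```shell
#!/bin/sh
# Added helper, not part of the IPVS NFCT README or the IPVS sources:
# build-time and run-time sanity checks for the steps above.
#
# Assumed option names (the README only names CONFIG_IP_VS_NFCT):
#   CONFIG_IP_NF_CONNTRACK - Netfilter 'Connection tracking (required for masq/NAT)'
#   CONFIG_IP_VS_NFCT      - IPVS 'Netfilter connection tracking'
#   CONFIG_IP_NF_FTP       - ip_conntrack_ftp, needed with ip_vs_ftp under LVS-NAT

# check_nfct_config CONFIG_FILE [NEED_FTP]
# Reports every required option that is neither built in (=y) nor a module (=m).
# Returns 0 when the kernel .config is complete, 1 otherwise.
check_nfct_config() {
    cfg=$1
    need_ftp=${2:-0}
    missing=0
    for opt in CONFIG_IP_NF_CONNTRACK CONFIG_IP_VS_NFCT; do
        if ! grep -q "^$opt=[ym]\$" "$cfg"; then
            echo "missing: $opt"
            missing=1
        fi
    done
    if [ "$need_ftp" = 1 ] && ! grep -q '^CONFIG_IP_NF_FTP=[ym]$' "$cfg"; then
        echo "missing: CONFIG_IP_NF_FTP (ip_conntrack_ftp, needed with ip_vs_ftp)"
        missing=1
    fi
    return $missing
}

# ftp_modules_ok MODULE_LIST
# MODULE_LIST is the text of /proc/modules (or lsmod output). Fails when
# ip_vs_ftp is loaded without ip_conntrack_ftp, the combination the README
# warns about for LVS-NAT.
ftp_modules_ok() {
    mods=$1
    if printf '%s\n' "$mods" | grep -q '^ip_vs_ftp[[:space:]]'; then
        if ! printf '%s\n' "$mods" | grep -q '^ip_conntrack_ftp[[:space:]]'; then
            echo "ip_vs_ftp is loaded but ip_conntrack_ftp is not" >&2
            return 1
        fi
    fi
    return 0
}

# enable_nfct [SYSCTL_ROOT] [SNAT_REROUTE]
# Writes 1 to net/ipv4/vs/conntrack and, if SNAT_REROUTE=1, to
# net/ipv4/vs/snat_reroute below SYSCTL_ROOT (default /proc/sys). The root
# is a parameter (an addition for testing) so the function can be exercised
# against a scratch directory on a box without IPVS; on the director call
# it with no first argument.
enable_nfct() {
    root=${1:-/proc/sys}
    snat=${2:-0}
    vs=$root/net/ipv4/vs
    if [ ! -e "$vs/conntrack" ]; then
        echo "$vs/conntrack not found: kernel built without NFCT or ip_vs not loaded" >&2
        return 1
    fi
    echo 1 > "$vs/conntrack"
    if [ "$snat" = 1 ] && [ -e "$vs/snat_reroute" ]; then
        echo 1 > "$vs/snat_reroute"
    fi
    return 0
}

# Direct invocation: sh this-script.sh /usr/src/linux/.config [1]
if [ -n "${1:-}" ]; then
    check_nfct_config "$1" "${2:-0}" && echo "kernel config OK for IPVS NFCT"
fi
```

The .config check covers the in-kernel build; for the out-of-tree module build of IPVS 1.0.10 the CONFIG_IP_VS_NFCT switch lives in ipvs/Makefile, so only the two Netfilter options apply there. Run the module and sysctl checks after loading ip_vs, since the vs/ sysctl directory appears only then.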