Static NAT does not need to keep any dynamic data about current IP
mappings, but for the virtual server function this is necessary. The
standard NAT structure is therefore not enough: it must be extended
to store the dynamic information and the data about the real servers
that answer packets for this virtual server.
A virtual server is represented by exactly one NAT rule in
the chain of rules, but since it is a dynamic rule (using dynamic
data) the pointer reserved for such rules points to a structure that
holds virtual-server-specific data. Also, the fields containing NAT-IPs
and NAT-ports are meaningless for all dynamic rules, since the IP
used for the translation is not static but must be derived, using
some algorithm, from the dynamic data gathered so far.
A virtual server is one virtual IP, so we store this IP in the field
against which the destination IP of incoming packets is matched.
In the virtual server case this will always be a full IP and not a
network, but of course a network would work just the same (not exactly,
though, because in answer packets back to the client we need to substitute
the source IP: the virtual server's IP for the real server's IP). See
the figure on page for what a chain of NAT rules containing a virtual
server rule looks like.
I do not store complete connection state information, but only the
IPs of clients using the virtual server. I have already covered this
topic in section above.
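
The rule layout described above, as an added C sketch that is not the original implementation's code: one rule in the chain carries a pointer to virtual server data, its static NAT-IP field goes unused, and only client IPs are remembered. All struct, field and function names are hypothetical, and round-robin selection with clients pinned to their first real server is an assumed stand-in for "some algorithm".

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical names and sizes; not the original implementation's structures. */
enum { MAX_REAL = 4, MAX_CLIENTS = 64 };
struct vserver {                  /* dynamic data behind one virtual server rule */
    uint32_t real_ip[MAX_REAL];   /* real servers answering for the virtual IP */
    size_t n_real, next;          /* next: round-robin cursor (assumed algorithm) */
    struct seen { uint32_t client; size_t real; } seen[MAX_CLIENTS]; /* client IPs */
    size_t n_seen;
};
struct nat_rule {
    uint32_t match_dst, mask;     /* virtual server: the virtual IP, full mask */
    uint32_t nat_ip;              /* meaningful for static rules only */
    struct vserver *dyn;          /* non-NULL marks a dynamic rule */
    struct nat_rule *next;
};

/* Inbound packet: translated destination IP, or dst if no rule matches. */
uint32_t nat_in(struct nat_rule *chain, uint32_t src, uint32_t dst)
{
    for (struct nat_rule *r = chain; r; r = r->next) {
        if ((dst & r->mask) != (r->match_dst & r->mask)) continue;
        if (!r->dyn) return (r->nat_ip & r->mask) | (dst & ~r->mask); /* static */
        struct vserver *v = r->dyn;
        if (v->n_real == 0) return dst;
        for (size_t i = 0; i < v->n_seen; i++)   /* known client keeps its server */
            if (v->seen[i].client == src) return v->real_ip[v->seen[i].real];
        size_t pick = v->next;
        v->next = (pick + 1) % v->n_real;
        if (v->n_seen < MAX_CLIENTS)             /* full table: forward, do not record */
            v->seen[v->n_seen++] = (struct seen){ src, pick };
        return v->real_ip[pick];
    }
    return dst;
}

/* Answer packet: replace a real server's source IP with the virtual IP. */
uint32_t nat_out(struct nat_rule *chain, uint32_t src)
{
    for (struct nat_rule *r = chain; r; r = r->next)
        for (size_t i = 0; r->dyn && i < r->dyn->n_real; i++)
            if (r->dyn->real_ip[i] == src) return r->match_dst;
    return src;
}
```

Because the client table is bounded, a client arriving after it fills is still forwarded but may reach a different real server on its next packet.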