Re: [lvs-users] LVS/TUN Help with FWMARK

To: <brouer@xxxxxxxxxx>, <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>, <ja@xxxxxx>
Subject: Re: [lvs-users] LVS/TUN Help with FWMARK
From: Jenny Lee <bodycare_5@xxxxxxxx>
Date: Thu, 28 Jun 2012 12:17:14 +0000
----------------------------------------
> Subject: Re: [lvs-users] LVS/TUN Help with FWMARK
> From: brouer@xxxxxxxxxx
> To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> CC: bodycare_5@xxxxxxxx
> Date: Thu, 28 Jun 2012 11:46:22 +0200
>
> On Thu, 2012-06-28 at 09:56 +0300, Julian Anastasov wrote:
> > On Thu, 28 Jun 2012, Jenny Lee wrote:
> >
> > > On MACHINE 2, I run:
> > >
> > > service iptables stop
> > > modprobe ipip
> > > ip addr add 1.1.1.3/32 dev tunl0
> >
> > Can this help?
> >
> > cat /proc/sys/net/ipv4/conf/tunl0/rp_filter
> > echo 0 > /proc/sys/net/ipv4/conf/tunl0/rp_filter
>
> Hi Jenny
>
> The problem is most likely Reverse Path Filtering, like Julian is
> pointing out.
>
> Please provide output of command:
> grep . /proc/sys/net/ipv4/conf/*/rp_filter
>
> You also have to make sure the "all" rp_filter = 0, by running:
>
> echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
>
>
> For IPVS TUN mode I recommend that you edit your /etc/sysctl.conf and
> add:
> net.ipv4.conf.default.rp_filter = 0
> net.ipv4.conf.all.rp_filter = 0
>

 
Jesus! I spent 2 entire days on this.
 
This fixed it for me on RS1 (they were all 1's except "all"):
 
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > "$i"; done
 
Now I can access telnet on RS1 when I am connecting to an IP on MACHINE1 (VIP). 
 
Thank you so much Julian and Jesper.
 
Correspondence works both ways (if I type something on nc on RS1, client sees 
it), so I am assuming DC is not doing RP filtering (Hurricane Electric).
 
Now a little bit of constructive criticism ... The site, the FAQs and everything 
have too much clutter. Some effort must be made to remove all references to a 
2.0.36 kernel and ipchains. It is hard to understand what is what (I read the 
entire austintek FAQs, which were full of outdated information and served no 
purpose except to confuse matters). For example, I know I saw rp filtering 
references, but I could not find them again.
 
 
Thanks again... soooo much.
 
Jenny
 
 
 
                                          
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
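
An added example, not part of the original thread: the kernel validates the source of a packet received on an interface using the larger of conf/all/rp_filter and conf/<iface>/rp_filter, which is why tunl0 was still filtered while "all" was 0 and why "all" must be 0 as well. The function names below are hypothetical; the script reports the effective value per interface so the change can be confirmed and the remaining filtering reviewed.

```shell
#!/bin/sh
# Added example: report the effective rp_filter value per interface.
# The kernel applies max(conf/all/rp_filter, conf/<iface>/rp_filter) when
# validating the source address of a packet received on <iface>.

# effective_rp_filter IFACE [CONF_DIR]
# Prints the value the kernel will apply for IFACE.
effective_rp_filter() {
    iface=$1
    conf=${2:-/proc/sys/net/ipv4/conf}
    all=$(cat "$conf/all/rp_filter") || return 1
    own=$(cat "$conf/$iface/rp_filter") || return 1
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# rp_filter_report [CONF_DIR]
# One line per interface: name, own value, effective value, mode.
# "all" and "default" are skipped: they are not interfaces.
rp_filter_report() {
    conf=${1:-/proc/sys/net/ipv4/conf}
    for f in "$conf"/*/rp_filter; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        case $iface in all|default) continue ;; esac
        eff=$(effective_rp_filter "$iface" "$conf") || continue
        case $eff in
            0) mode=off ;;
            1) mode=strict ;;
            2) mode=loose ;;
            *) mode=unknown ;;
        esac
        echo "$iface own=$(cat "$f") effective=$eff mode=$mode"
    done
}

# Report on the live system when invoked as: sh script.sh report [CONF_DIR]
if [ "${1:-}" = report ]; then rp_filter_report "${2:-}"; fi
```

Any interface that still shows mode=strict will drop packets whose source is not routed back through that same interface, which is the case for decapsulated client traffic on tunl0 in LVS/TUN.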
