
Re: NAT problem

To: Bill Michaelson <bill@xxxxxxxx>
Subject: Re: NAT problem
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx, lmi@xxxxxxxxx
From: Wensong Zhang <wensong@xxxxxxxxxxxx>
Date: Sun, 05 Dec 1999 09:43:24 +0800
Bill Michaelson wrote:
> 
> I am trying to use ipvsadm for NAT.  I rebuilt the Linux 2.2.13 kernel with
> the 0.9.5 package of ipvsadm support.  I configured the telnet port at the
> virtual server IP to direct traffic to "daisy".  Here is a report by
> ipvsadm:
> 
> $ ipvsadm -L
> IP Virtual Server version 0.9.5 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
>   -> RemoteAddress:Port          Forward Weight ActiveConn InActConn
> TCP  virtip:telnet wlc
>   -> daisy:telnet                Masq    1      0          1
> 
> Looks good so far, I think.
> 
> So I start a telnet client on fred, a box on the "outside" network which
> connects to the VS thru eth1, and expect relay to occur to daisy, on eth0...
> 
> fred$ telnet virtip
> 
> I watch the activity from another box attached to both eth0 and eth1 with
> a pair of tcpdump processes.  Here is what they report:
> 
> on eth1:
> 
> # tcpdump -i eth1 host daisy or virtip or \( fred and ! jujubee \)
> tcpdump: listening on eth1
> 09:19:14.621943 fred.1061 > virtip.telnet: S 2014912000:2014912000(0) win 4096 <mss 1460>
> 09:19:14.622742 daisy.telnet > fred.1061: S 3197583873:3197583873(0) ack 2014912001 win 16384 <mss 512>
> 09:19:14.623062 fred.1061 > daisy.telnet: R 2014912001:2014912001(0) win 0
> 
> on eth0:
> 
> # tcpdump -i eth0 host daisy or virtip or \( fred and ! jujubee \)
> tcpdump: listening on eth0
> 09:19:14.622128 fred.1061 > daisy.telnet: S 2014912000:2014912000(0) win 4096 <mss 1460>
> 09:19:14.622606 daisy.telnet > fred.1061: S 3197583873:3197583873(0) ack 2014912001 win 16384 <mss 512>
> 09:19:14.623144 fred.1061 > daisy.telnet: R 2014912001:2014912001(0) win 0
> 
> I notice that the first packet arrives at the VS (virtip) via eth1, and is
> relayed to daisy as expected, BUT the packet is still identified as having
> a source of fred.  As I interpret the operation of NAT, the packet should
> have been modified to show a source of virtip, in order that replies from
> daisy are returned via the VS.
> 

No, it doesn't change the source of the packet, but it requires that
the default route of real servers must be set to the LVS box, so that
the response packets can be rewritten back in the VS-NAT mode. In your
configuration, the default route of daisy must be set to the LVS box.

BTW, changing the source of the packet to the virtip sounds good too,
it doesn't require that default route rule, but requires additional
code to handle it.

Wensong

----------------------------------------------------------------------
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe, e-mail: lvs-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxx
For additional commands, e-mail: lvs-users-help@xxxxxxxxxxxxxxxxxxxxxx
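
The symptom discussed in this thread, as an added example (not code from the post or from the LVS project): a Python check over a client-side capture that flags a SYN sent to the virtual IP but answered by a SYN-ACK from a different address, which is what the client sees when a real server's replies do not return through the LVS box. The function names and the HEALTHY sample are assumptions made for illustration; CAPTURE is the eth1 capture quoted above with its wrapped lines joined.

```python
import re

# eth1 capture from the post, wrapped lines joined.
CAPTURE = """\
09:19:14.621943 fred.1061 > virtip.telnet: S 2014912000:2014912000(0) win 4096 <mss 1460>
09:19:14.622742 daisy.telnet > fred.1061: S 3197583873:3197583873(0) ack 2014912001 win 16384 <mss 512>
09:19:14.623062 fred.1061 > daisy.telnet: R 2014912001:2014912001(0) win 0
"""

# Constructed sample: replies return through the LVS box, so the source is the VIP.
HEALTHY = """\
10:00:00.000001 fred.1062 > virtip.telnet: S 100:100(0) win 4096 <mss 1460>
10:00:00.000900 virtip.telnet > fred.1062: S 500:500(0) ack 101 win 16384 <mss 512>
"""

# Old-style tcpdump TCP line: time src.port > dst.port: flags seq:seq(len) [ack n]
LINE = re.compile(
    r"^\S+ (\S+)\.(\w+) > (\S+)\.(\w+): ([SFRP.]+) (\d+):\d+\(\d+\)(?: ack (\d+))?")


def parse(capture):
    """Turn capture text into packet dicts; lines that do not match are skipped."""
    pkts = []
    for line in capture.splitlines():
        m = LINE.match(line)
        if m:
            src, sport, dst, dport, flags, seq, ack = m.groups()
            pkts.append({"src": (src, sport), "dst": (dst, dport), "flags": flags,
                         "seq": int(seq), "ack": int(ack) if ack else None})
    return pkts


def find_bypassed_nat(capture, vip):
    """Return (client, replying_host, client_sent_rst) for each SYN to the VIP
    whose matching SYN-ACK came from an address other than the VIP."""
    pkts, syns, findings = parse(capture), {}, []
    for p in pkts:
        if p["flags"] == "S" and p["ack"] is None and p["dst"][0] == vip:
            syns[p["src"]] = p["seq"]          # client endpoint -> initial seq
        elif p["flags"] == "S" and p["ack"] is not None:
            isn = syns.get(p["dst"])
            if isn is not None and p["ack"] == isn + 1 and p["src"][0] != vip:
                rst = any(q["flags"] == "R" and q["src"] == p["dst"]
                          and q["dst"] == p["src"] for q in pkts)
                findings.append((p["dst"][0], p["src"][0], rst))
    return findings


if __name__ == "__main__":
    print(find_bypassed_nat(CAPTURE, "virtip"))   # capture from the post
    print(find_bypassed_nat(HEALTHY, "virtip"))   # constructed healthy case
```
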
