|
Lars Marowsky-Bree wrote:
>
>
> Apparently, TCP/IP allows for the server to reply with a _different_ source
> address then the one the SYN packet was send to, and establish the connection
> to that adress instead.
I did a bad lash-up of this just now and the lash-up failed
in a way that didn't prove anything about the above conjecture.
I put a NAT box as the gw of the realserver and telnet'ed
to the LVS. The role of the NAT box is for the SYN packet
from the realserver to emerge with an IP different to the
VIP.
The reply SYN packet from the realserver emerged from the
NAT box with the IP of the NAT box (rather than the VIP),
which is what I wanted, and with the correct sequence number,
but with the wrong port (because of NAT, it was 61xxx rather
than 23). The client issued a reset to the NAT box.
I'm thinking of other ways of testing this without having to
rewrite the realserver kernel.
Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
|
