Re: Problems with 2.4.2

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: Problems with 2.4.2
From: Tao Zhao <taozhao@xxxxxxxxxx>
Date: Thu, 16 Aug 2001 18:53:19 -0400 (EDT)
Why do you need ipchains for masquerading? I think LVS (director) will do
this automatically because it tracks all incoming connections, changes
the dest according to scheduling decisions, and changes the src addr when
replies go through the director. Correct me if I am wrong.

-Tao

On 16 Aug 2001, Kjetil Torgrim Homme wrote:

> I'm using Red Hat's stock kernel from 7.1, and use ipvsadm from
> Powertools 7.1.
> 
> The LVS is set up like this:
> 
>   ipvsadm -A -t lvs:http -s rr
>   ipvsadm -a -t lvs:http -r rs1:80 -m -w 1
>   ipvsadm -a -t lvs:http -r rs2:80 -m -w 1
> 
> The director has two network interfaces, one public and one private.
> The two real servers are connected to a hub in the private net.  There
> are no firewall rules.  The masquerading is set up using ipchains.
> 
>   ipchains -A forward -j MASQ -s 10.218.128.0/24 -d 0.0.0.0/0
> 
> The problem: The request from the outside goes into the director, is
> masqueraded and passed on, and the real server sends a reply.
> Unfortunately, the reply is not demasqueraded and it gets dropped.
> 
> This is the output of tcpdump on the director (139.119.191.249) as it
> gets a request from a client (139.119.191.49):
> 
>  :13.770082 eth0 < 139.119.191.49.1754 > 139.119.191.249.http: S 1204706457:1204706457(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
>  :13.770082 eth1 > 139.119.191.49.1754 > 10.218.128.12.http: S 1204706457:1204706457(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
>  :13.770082 eth1 < 10.218.128.12.http > 139.119.191.49.1754: S 2868758999:2868758999(0) ack 1204706458 win 5840 <mss 1460,nop,nop,sackOK> (DF)
>  :17.010082 eth0 < 139.119.191.49.1754 > 139.119.191.249.http: S 1204706457:1204706457(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
>  :17.010082 eth1 > 139.119.191.49.1754 > 10.218.128.12.http: S 1204706457:1204706457(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
>  :17.010082 eth1 < 10.218.128.12.http > 139.119.191.49.1754: S 2868758999:2868758999(0) ack 1204706458 win 5840 <mss 1460,nop,nop,sackOK> (DF)
>  :17.170082 eth1 < 10.218.128.12.http > 139.119.191.49.1754: S 2868758999:2868758999(0) ack 1204706458 win 5840 <mss 1460,nop,nop,sackOK> (DF)
> 
> Has anyone seen something like this before?  Is it just a buggy
> kernel?
> 
> 
> Kjetil T.
> 
> 
> 
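
Added example, not part of either message above: a Python check over tcpdump output in the format quoted in this thread that counts real-server replies received on the inside interface with no VIP-sourced packet sent on the outside interface, which is the symptom described. The first seven sample lines are abbreviated from the quoted trace, the last four are constructed, and all function and parameter names are assumptions.

```python
import re
from collections import defaultdict

# Line shape used in the quoted trace: "<ts> <iface> <dir> <src> > <dst>: <flags> ..."
LINE = re.compile(r"^\s*(\S+)\s+(\S+)\s+([<>])\s+(\S+)\s+>\s+(\S+):\s+(\S+)")

SAMPLE = """\
 :13.770082 eth0 < 139.119.191.49.1754 > 139.119.191.249.http: S 1204706457:1204706457(0)
 :13.770082 eth1 > 139.119.191.49.1754 > 10.218.128.12.http: S 1204706457:1204706457(0)
 :13.770082 eth1 < 10.218.128.12.http > 139.119.191.49.1754: S 2868758999:2868758999(0) ack 1204706458
 :17.010082 eth0 < 139.119.191.49.1754 > 139.119.191.249.http: S 1204706457:1204706457(0)
 :17.010082 eth1 > 139.119.191.49.1754 > 10.218.128.12.http: S 1204706457:1204706457(0)
 :17.010082 eth1 < 10.218.128.12.http > 139.119.191.49.1754: S 2868758999:2868758999(0) ack 1204706458
 :17.170082 eth1 < 10.218.128.12.http > 139.119.191.49.1754: S 2868758999:2868758999(0) ack 1204706458
 :20.000001 eth0 < 139.119.191.50.2000 > 139.119.191.249.http: S 100:100(0)
 :20.000002 eth1 > 139.119.191.50.2000 > 10.218.128.13.http: S 100:100(0)
 :20.000300 eth1 < 10.218.128.13.http > 139.119.191.50.2000: S 900:900(0) ack 101
 :20.000301 eth0 > 139.119.191.249.http > 139.119.191.50.2000: S 900:900(0) ack 101
"""  # last four lines are constructed: a flow whose reply is rewritten to the VIP

def parse(trace):
    """Yield (iface, direction, src, dst, flags); '<' = received, '>' = sent."""
    for line in trace.splitlines():
        m = LINE.match(line)
        if m:
            _ts, iface, direction, src, dst, flags = m.groups()
            yield iface, direction, src, dst, flags

def unforwarded_replies(trace, vip, inside_if, outside_if):
    """Map (real_server_endpoint, client_endpoint) -> number of replies seen on
    inside_if that have no VIP-sourced packet sent to that client on outside_if."""
    received = defaultdict(int)  # replies arriving from the real servers
    sent = defaultdict(int)      # VIP-sourced packets leaving toward each client
    for iface, direction, src, dst, _flags in parse(trace):
        if iface == inside_if and direction == "<":
            received[(src, dst)] += 1
        elif iface == outside_if and direction == ">":
            if src.rsplit(".", 1)[0] == vip:  # strip the port or service name
                sent[dst] += 1
    missing = {}
    for (server, client), count in received.items():
        if sent.get(client, 0) < count:
            missing[(server, client)] = count - sent.get(client, 0)
    return missing

if __name__ == "__main__":
    for flow, n in unforwarded_replies(SAMPLE, "139.119.191.249", "eth1", "eth0").items():
        print(f"{flow[0]} -> {flow[1]}: {n} replies never left the director")
```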



