I have working configuration of LVS-NAT on my Linux
box.....everything is working good except one little thing......
--------------- private network
|10.10.0.0/24 | real servers
--------------- ___________ _________ network
| | | | |
| | | |10.10. |
|_____________| |_______|1.0/24 |
| LVS-NAT | | |
_____| | | |
| |_________| | |
| INTERNET |
I have the direct routing from 10.10.0.0/24 to 10.10.1.0/24
and 1 real IP on LVS-NAT. I have mapped port using ipvsadm
for example 21,22,25, and so on.... to the internal network
machines (real servers' network). I can get to the machines behind
the LVS box on these ports from internet, but when I'm trying
to get through the direct routing to the real servers from
private network, all of the mapped ports are not available...
What I figured out is that I have waiting connections
on real servers from my private network (netstat -na on real server)
but the returning packets from real servers through the LVS to my
privvate network are somehow blocked on LVS.....
Can anyone solve this problem ???
What I did to get to this hosts on real servers' network on mapped ports
is to assign one more ip address that isn't mapped on LVS and aftyer that
I can log in to them........but this complicates the configurations and
management of the real servers( It's annoying to remember doubled ip
addresses on these machines.....