Problems with LVS-NAT and direct routing to network behind LVS.....

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Problems with LVS-NAT and direct routing to network behind LVS.....
From: Pawel Kisiel <tecman@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 29 Aug 2001 19:03:32 +0200 (CEST)

        I have a working configuration of LVS-NAT on my Linux
box.....everything is working well except one little thing......

        --------------- private network
        |             |
        | |                         real servers
        ---------------       ___________       _________ network
                |             |         |       |       | 
                |             |         |       |10.10. |
                |_____________|         |_______|1.0/24 |
                              | LVS-NAT |       |       |               
                         _____|         |       |       |
                         |    |_________|       |       |               
                         |                      |_______|
                  |              |      
                  |   INTERNET   |
                  |              |

     I have the direct routing from to
and 1 real IP on LVS-NAT. I have mapped ports using ipvsadm,
for example 21, 22, 25, and so on.... to the internal network
machines (real servers' network). I can get to the machines behind 
the LVS box on these ports from the Internet, but when I'm trying 
to get through the direct routing to the real servers from the
private network, all of the mapped ports are not available...
        What I figured out is that I have waiting connections
on real servers from my private network (netstat -na on real server)
but the returning packets from real servers through the LVS to my 
private network are somehow blocked on LVS.....
        Can anyone solve this problem ???
What I did to get to these hosts on the real servers' network on mapped ports 
is to assign one more IP address that isn't mapped on LVS, and after that
I can log in to them........but this complicates the configuration and
management of the real servers (it's annoying to remember doubled IP
addresses on these machines).....

Pawel Kisiel

