Re: LVS-NAT two nic / two network problem

To:	lvs-users@xxxxxxxxxxxxxxxxxxxxxx, Julian Anastasov <ja@xxxxxx>, Roberto Nibali <ratz@xxxxxx>
Subject:	Re: LVS-NAT two nic / two network problem
Cc:	jlobascher@xxxxxxxxxxxxx
From:	Joseph Mack <mack.joseph@xxxxxxx>
Date:	Thu, 21 Mar 2002 07:43:04 -0500

jlobascher@xxxxxxxxxxxxx wrote:
> 
> Everyone - I am trying to configure a NAT LVS using two nics and two
> networks on the director.

Thank you for the nice complete report. 

> My problem is that if I tcpdump both interfaces on the director and then
> send a request from the client no packets come out eth0:1.
 
I should get this straight, but I don't know whether LVS grabs
the packets before tcpdump gets a chance to see them.
tcpdump may not be helpful on the director - it might 
be better to look on the realserver.

Anyone,
        
        For the HOWTO, where does LVS grab it's packets in the 
Netfilter diagram for 2.2 and 2.4 and where does it reinject them 
on the way out? Where does tcpdump get its packets? Is it different 
for VS-DR and VS-NAT? 

        Just for completeness, where does NAT step in for 2.2 and 2.4?

        To help I've included diagrams from Marsh's 
book on Policy Routing


2.2

        network device
        |
        checksum
        |
        accounting
        |
        input
        |
        routing<->local_machine
        |
        forward
        |
        output
        |
        accounting
        |
        network device


2.4

        network device
        |
        sanity check
        |
        pre-route Netfilter(1)
        |
        routing-------------------------input Netfilter(2)
        |                               |
        forward Netfilter(3)            local machine
        |                               |
        |                               output Netfilter(4)
        |                               |
        |-------------------------------routing
        |
        post-route Netfilter(5)
        |
        network device



> I have
> ipv4_forwarding turned on.  I can ping the RIP's from the CIP.  I can
> ping the CIP from the Realservers.  Can telnet from the director to the
> realservers.  traceroute's from the realservers go through the director
> to get to the client.

Did the rc.lvs script give any errors?
 
> Unfortunately I am running RedHat7.2 (kernel 2.4.9) - and am stuck using
> the ipvs-0.8.2 which came preinstalled.

I worked on a (presumably default install) RedHat 2.4 box once which ran 
ipchains as part of its rc files. Make sure you don't have ipchains rules
and that there no ipchains module. Make sure you have no filter rules 

look at the ipchains compatibility section in

http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO-6.html#ss6.1


> I am currently trying to
> compile ipvs-1.0.0 against a 'clean' kernel.org kernel - but redhat is
> not making it easy (no ext3 support in the kernel.org tree).

you can run as ext2 for testing, you just won't have the journalling.
 
Joe

-- 
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center, 
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA

<Prev in Thread]	Current Thread	[Next in Thread>
LVS-NAT two nic / two network problem, jlobascher Re: LVS-NAT two nic / two network problem, Joseph Mack <= Re: LVS-NAT two nic / two network problem, Julian Anastasov Re: LVS-NAT two nic / two network problem, Joseph Mack Re: LVS-NAT two nic / two network problem, Julian Anastasov RE: LVS-NAT two nic / two network problem, Mark Weaver RE: LVS-NAT two nic / two network problem, Lizambri, Todd RE: LVS-NAT two nic / two network problem, jlobascher Re: LVS-NAT two nic / two network problem, Joseph Mack

Previous by Date:	LVS-NAT two nic / two network problem, jlobascher
Next by Date:	configure.pl, Claudiu
Previous by Thread:	LVS-NAT two nic / two network problem, jlobascher
Next by Thread:	Re: LVS-NAT two nic / two network problem, Julian Anastasov
Indexes:	[Date] [Thread] [Top] [All Lists]