
Re: solving arp problem by using iptables

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: solving arp problem by using iptables
From: Horms <horms@xxxxxxxxxxxx>
Date: Thu, 25 Jul 2002 13:41:01 +0900
On Thu, Jul 25, 2002 at 09:06:35AM +0700, Le Van Thanh wrote:
> In the article "ARP problem with LVS/DR and LVS/TUN", the writer tells me a 
> way to solve the arp problem by using iptables by using the following command:
> 
> iptables -t nat -A PREROUTING -p tcp -d <VIP> --dport <vport> -j REDIRECT 
> --to-port <vport>
> 
> Can anyone please tell me what this command does and how I use it?

When a packet is received for the IP address <VIP> on port <vport>
then it will be directed to the port <vport> on the local host.
This is a method of having packets processed locally by a host
even if they are not addressed to an IP address on the host.

However, I do not believe that this approach will work on a 2.4 kernel
as the reply packets will be sent with the source IP address of
the interface that they were sent from. This will not match
the VIP and will almost certainly cause the end-user's machine
to reject the reply packets.  See:

http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO-15.html#ss15.4


> I tried to set up an alias interface in a real computer (running http service) 
> with vip=10.70.75.4

I don't think that you need an alias if you are using iptables
as you describe.

> and then I typed the command
> 
> iptables -t nat -A PREROUTING -p tcp -d 10.70.75.4 --dport 80 -j REDIRECT 
> --to-port 80
> 
> But it failed (I could browse the web pages through this alias interface).

Could you please give some indication of what errors you are seeing?
I suspect that you are missing the ipt_REDIRECT module in your kernel.
Perhaps the following command will help:

modprobe ipt_REDIRECT

-- 
Horms
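
A way to check for the rule and the module discussed in this message, added here as an example and not part of the original post. The function names and the sample `iptables-save` text are constructed for illustration; reading `/proc/net/ip_tables_targets` assumes the legacy ip_tables backend.

```shell
#!/bin/sh
# Constructed sample of `iptables-save -t nat` output (not from the post).
sample_nat_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 10.70.75.4/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 80
-A PREROUTING -d 10.70.75.9/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.9:443
COMMIT
EOF
}

# has_redirect VIP PORT: reads iptables-save text on stdin and exits 0 only
# if a PREROUTING rule redirects tcp traffic for VIP:PORT to the local host.
has_redirect() {
    awk -v vip="$1" -v port="$2" '
        $1 == "-A" && $2 == "PREROUTING" {
            d = ""; p = ""; proto = ""; j = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-d") d = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") p = $(i + 1)
                else if ($i == "-j") j = $(i + 1)
            }
            sub(/\/32$/, "", d)   # iptables-save prints a host as a.b.c.d/32
            if (d == vip && proto == "tcp" && p == port && j == "REDIRECT")
                found = 1
        }
        END { exit !found }'
}

# redirect_target_loaded [FILE]: exits 0 if the REDIRECT target is registered
# with the kernel (the state that `modprobe ipt_REDIRECT` is meant to produce).
redirect_target_loaded() {
    f="${1:-/proc/net/ip_tables_targets}"
    [ -r "$f" ] && grep -qx 'REDIRECT' "$f"
}

if sample_nat_rules | has_redirect 10.70.75.4 80; then
    echo "REDIRECT rule present for 10.70.75.4:80"
fi
```

On a live real server, run `iptables-save -t nat | has_redirect <VIP> <vport>` as root in place of the sample text.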
        

