|
Ding Ding Ding we have a winner!
I figured out what was causing the problem but I don't know how to fix
it.
In order for me to get the inbound packets to work with the LVS-DR setup
I have to add the IP to the LVS box on any interface (ip address add dev
lo 159.250.20.1). If I don't do that the LVS box just routes the packet
back out e0 to my core router and we have a routing loop.
If I put the IP address in the LVS box it will drop all packets coming
from that IP entering the network. It is probably some anti IP spoofing
code. Any one know how I can shut it off?
Question: Why do I need to add the IP address to the LVS box in a
LVS-DR/FWMARK setup. Technically, LVS doesn't care about the dest IP it
only cares about the FWMARK.
In Summary, LVS-DR only works if the IP address is on the machine
somewhere. Linux routing won't forward a packet coming from what it
thinks is itself that entered from another interface.
Ideally I would like it if I can setup the LVS box to not have to know
about the IP's
-Matt
|
