Hi,

I am using LVS-NAT on rh8.0 and have some difficulties getting it to work.

# echo "1" > /proc/sys/net/ipv4/ip_forward
# echo "0" >/proc/sys/net/ipv4/conf/all/send_redirects
# echo "0" > /proc/sys/net/ipv4/conf/default/send_redirects
# echo "0" > /proc/sys/net/ipv4/conf/eth0/send_redirects
# /sbin/ipvsadm -C
# /sbin/ipvsadm -A -t 10.0.2.130:http -s rr
# /sbin/ipvsadm -a -t 10.0.2.130:http -r 192.168.0.4:http -m -w 1

When I connect to port 80 from the client I get the following in the
Director's log. The 4th entry seems to be wrong, but I don't know why it
behaves that way:

Feb 17 11:19:50 babylon4 kernel: Packet log: input ACCEPT eth0 PROTO=6 10.0.2.20:60101 10.0.2.130:80 L=60 S=0x10 I=2912 F=0x4000 T=64 SYN (#1)
Feb 17 11:19:50 babylon4 kernel: Packet log: output ACCEPT eth1 PROTO=6 10.0.2.20:60101 192.168.0.4:80 L=60 S=0x10 I=2912 F=0x4000 T=64 SYN (#1)
Feb 17 11:19:50 babylon4 kernel: Packet log: input ACCEPT eth1 PROTO=6 192.168.0.4:80 10.0.2.20:60101 L=60 S=0x00 I=0 F=0x4000 T=64 (#2)
Feb 17 11:19:50 babylon4 kernel: Packet log: output ACCEPT eth1 PROTO=6 10.0.2.20:60101 192.168.0.4:80 L=40 S=0x00 I=0 F=0x4000 T=63 (#1)

It seems that instead of forwarding the reply back to the client, the director
instead sends it back to the realserver. Any clue why this is happening? Or
how to find out the reason?

ping'ing the client from the realserver works perfectly, so the masquerading
works perfectly.

My network is as follows:

  ----------------
       Client
     10.0.2.20
  ----------------
         |
         |
  ---------------
    10.0.2.130
     Director
    192.168.0.1
  ---------------
         |
         |
  ---------------
    192.168.0.4
    Realserver
  ---------------

Director's route table and firewall ruleset:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         10.0.2.1        0.0.0.0         UG    0      0        0 eth0

# ipchains -L -n
Chain input (policy ACCEPT):
target     prot opt     source            destination       ports
ACCEPT     tcp  ----l-  0.0.0.0/0         0.0.0.0/0         * -> 80
ACCEPT     tcp  ----l-  0.0.0.0/0         0.0.0.0/0         80 -> *
Chain forward (policy ACCEPT):
target     prot opt     source            destination       ports
MASQ       all  ------  192.168.0.0/24    0.0.0.0/0         n/a
Chain output (policy ACCEPT):
target     prot opt     source            destination       ports
ACCEPT     tcp  ----l-  0.0.0.0/0         0.0.0.0/0         * -> 80
ACCEPT     tcp  ----l-  0.0.0.0/0         0.0.0.0/0         80 -> *

# ipvsadm -l
IP Virtual Server version 1.0.4 (size=65536)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  babylon4.ez.no:http rr
  -> 192.168.0.4:http             Masq    1      0          0

The director runs RedHat's latest kernel:
kernel-2.4.18-24.8.0
ipvsadm-1.21-3

Routing table on realserver:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0

Best regards,
Vidar
--
Vidar Langseid
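
An added example, not part of the original post: a small Python check over the ipchains packet log quoted above that lists realserver replies for which the director never logged an outgoing packet on the client-facing interface with its source rewritten to the virtual IP, which is what LVS-NAT is expected to emit. The function names are hypothetical, the sample is the post's four entries joined one per line, and it assumes the output chain logs the packet after address rewriting (as the second entry does for the request).

```python
import re

# Constructed sample: the four director log entries from the post, one per line.
SAMPLE_LOG = """\
Feb 17 11:19:50 babylon4 kernel: Packet log: input ACCEPT eth0 PROTO=6 10.0.2.20:60101 10.0.2.130:80 L=60 S=0x10 I=2912 F=0x4000 T=64 SYN (#1)
Feb 17 11:19:50 babylon4 kernel: Packet log: output ACCEPT eth1 PROTO=6 10.0.2.20:60101 192.168.0.4:80 L=60 S=0x10 I=2912 F=0x4000 T=64 SYN (#1)
Feb 17 11:19:50 babylon4 kernel: Packet log: input ACCEPT eth1 PROTO=6 192.168.0.4:80 10.0.2.20:60101 L=60 S=0x00 I=0 F=0x4000 T=64 (#2)
Feb 17 11:19:50 babylon4 kernel: Packet log: output ACCEPT eth1 PROTO=6 10.0.2.20:60101 192.168.0.4:80 L=40 S=0x00 I=0 F=0x4000 T=63 (#1)
"""

# ipchains "-l" log line: chain, target, interface, protocol, endpoints, TTL, rule number.
PKT = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) .*?T=(?P<ttl>\d+)(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)


def parse(log):
    """Return one dict per 'Packet log' entry, in log order."""
    return [m.groupdict() for m in PKT.finditer(log)]


def unrewritten_replies(packets, vip, real, client_if):
    """Replies arriving from the realserver (input chain, src == real) that are
    not followed by an output entry on client_if with src == vip and the same
    destination. vip and real are (address, port) tuples of strings."""
    missing = []
    for i, p in enumerate(packets):
        if p["chain"] != "input" or (p["src"], p["sport"]) != real:
            continue
        rewritten = any(
            q["chain"] == "output" and q["iface"] == client_if
            and (q["src"], q["sport"]) == vip
            and (q["dst"], q["dport"]) == (p["dst"], p["dport"])
            for q in packets[i + 1:]
        )
        if not rewritten:
            missing.append(p)
    return missing


if __name__ == "__main__":
    vip, real = ("10.0.2.130", "80"), ("192.168.0.4", "80")
    for p in unrewritten_replies(parse(SAMPLE_LOG), vip, real, "eth0"):
        print("no rewritten reply logged for %s:%s -> %s:%s (arrived on %s)"
              % (p["src"], p["sport"], p["dst"], p["dport"], p["iface"]))
```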