
Re: Setting up a lvs-tun working...

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Setting up a lvs-tun working...
From: "Mathieu Collas" <lvs@xxxxxxxxxx>
Date: Wed, 11 Aug 2004 13:01:01 +0200
re,

So, nothing works...

netstat shows me that the connection has arrived on the realserver, but
nothing else... :
tcp        0      0 192.168.129.66:23       81.51.49.105:35719      SYN_RECV

Maybe the switch of my web hosting filters the packets, because the response
packets have the src address of the VIP, which is not really on the box!

The iptables log shows me this:
Aug 11 13:02:00 ns31037 kernel: IN= OUT=eth0 SRC=192.168.129.66 DST=81.51.49.105 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=23 DPT=35720 WINDOW=5792 RES=0x00 ACK SYN URGP=0

The SRC is the VIP, the DEST is the good IP (client IP), but nothing arrives
at the client...


Is there a tool to change the source address of the reply packets to the
realserver's real IP?


It makes me crazy...


----- Original Message ----- 
From: "Mathieu Collas" <lvs@xxxxxxxxxx>
To: "LinuxVirtualServer.org users mailing list."
<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, August 11, 2004 1:05 AM
Subject: Re: Setting up a lvs-tun working...


> Thank you for all your replies !
>
> I have a 2.4.26 kernel, but it has no effect, maybe netfilter or something
> needed is not activated...
>
> I will try tomorrow and tell you :)
>
>
> ----- Original Message ----- 
> From: "Todd Lyons" <tlyons@xxxxxxxxxx>
> To: "LinuxVirtualServer.org users mailing list."
> <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
> Sent: Tuesday, August 10, 2004 6:20 PM
> Subject: Re: Setting up a lvs-tun working...
>
>
> > Mathieu Collas wanted us to know:
> >
> > >I tried to use that :
> > >
> > >
> > >echo 2 >/proc/sys/net/ipv4/conf/all/arp_ignore
> > >echo 2 >/proc/sys/net/ipv4/conf/all/arp_announce
> > >echo 2 >/proc/sys/net/ipv4/conf/tunl0/arp_ignore
> > >echo 2 >/proc/sys/net/ipv4/conf/tunl0/arp_announce
> >
> > This requires a 2.6.4 or higher kernel or a 2.4.26 or higher kernel.
> >
> > >but this seems to have no effect...
> >
> > Makes me think you're using an older 2.4.x.
> >
> > >> >I tried to setup the free versions (nat, dr and tun), and none of the 3
> > >> >work...
> >
> > I'd ignore NAT for now as that's an architecturally different solution,
> > whereas DR and TUN are architecturally the same (minus the tunnel).
> >
> > >> >My goal is to make a tun version work, but as I failed to set it up, I tried
> > >> >to make a DR version, and then a nat version.... for the 3 versions, I
> >
> > Get the DR version to work and your TUN version will work with very
> > little modifications.
> >
> > >> >at the same state, the connection is received by the realserver, but no
> > >> >reply arrives at the client...
> >
> > Sounds like the arp problem.
> >
> > Here's what I set on my realservers (2.6.5 kernel BTW) for the routing
> > to work properly between the private network (10.x.x.x) and the public
> > load balanced IP (64.x.x.x):
> >
> > smtp1 root # tail -6 /etc/sysctl.conf
> > # For load balanced machines
> > net.ipv4.conf.lo.arp_ignore = 1
> > net.ipv4.conf.lo.arp_announce = 2
> > net.ipv4.conf.all.arp_ignore = 1
> > net.ipv4.conf.all.arp_announce = 2
> >
> > >> >I have 2 boxes, 1 NIC on each box in a datacenter (I have no access). 1 public
> > >> >IP per box, and no VIP.
> >
> > Hmmm, only one NIC?  I tend to think you'd have problems trying to get
> > NAT to work with only 1 NIC anyway.  But it works just fine with DR.  So
> > (again), get DR working first.  In the LVS Howto, pay particular
> > attention to section 5.6 (The cure for the arp problem in 2.6 kernels).
> >
> > From your previous email when you were trying to do NAT:
> >
> > >> ># director :
> > >> >------------
> > >> >
> > >> >echo 0 >/proc/sys/net/ipv4/ip_forward
> >
> > The NAT method will not work if the director cannot forward packets.
> > The NAT method requires that the director *BE* the gateway, therefore it
> > must route both inbound and outbound packets for the realservers.
> >
> > Good luck dude!  It sounds like you're close.  Fix the arp problem, and
> > the system will start working.
> > -- 
> > Regards... Todd
> >   We should not be building surveillance technology into standards.
> >   Law enforcement was not supposed to be easy.  Where it is easy,
> >   it's called a police state.             -- Jeff Schiller on NANOG
> > Linux kernel 2.6.3-15mdkenterprise   2 users,  load average: 0.02, 0.06, 0.06
> > _______________________________________________
> > LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > or go to http://www.in-addr.de/mailman/listinfo/lvs-users
> >
>
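
Added example, not part of the original thread or of the LVS project: a shell audit for a realserver that checks the kernel minimums stated above (2.4.26 or 2.6.4) and compares the `lo` and `all` ARP sysctls with the four values Todd Lyons quotes from his /etc/sysctl.conf. `PROC_ROOT`, the function names and the `--audit` flag are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). PROC_ROOT, the function names and the
# --audit flag are assumptions made for this example.
PROC_ROOT="${PROC_ROOT:-/proc/sys}"

# Return 0 if the kernel version meets the minimums stated in the thread
# (2.4.26 or higher in 2.4, 2.6.4 or higher in 2.6, anything newer than 2.x).
kernel_supports_arp_sysctls() {
    ver="${1%%-*}"                      # drop suffixes like -15mdkenterprise
    major="${ver%%.*}"; rest="${ver#*.}"; minor="${rest%%.*}"
    case "$rest" in
        *.*) patch="${rest#*.}"; patch="${patch%%.*}" ;;
        *)   patch=0 ;;                 # no patch level given
    esac
    if [ "$major" -gt 2 ]; then return 0; fi
    if [ "$major" -lt 2 ]; then return 1; fi
    case "$minor" in
        4) [ "$patch" -ge 26 ] ;;
        6) [ "$patch" -ge 4 ] ;;
        *) return 1 ;;                  # other 2.x series: not covered by the thread
    esac
}

# Compare lo and all with the values quoted in the thread (arp_ignore = 1,
# arp_announce = 2). Prints one line per difference; the return code is the
# number of differences (0 to 4).
check_arp_sysctls() {
    bad=0
    for iface in lo all; do
        for pair in arp_ignore=1 arp_announce=2; do
            key="${pair%%=*}"; want="${pair#*=}"
            file="$PROC_ROOT/net/ipv4/conf/$iface/$key"
            if [ -r "$file" ]; then got="$(cat "$file")"; else got="missing"; fi
            if [ "$got" != "$want" ]; then
                echo "net.ipv4.conf.$iface.$key = $got (thread quotes $want)"
                bad=$((bad + 1))
            fi
        done
    done
    return "$bad"
}

# Audit the live system only when called with --audit.
if [ "${1:-}" = "--audit" ]; then
    kernel_supports_arp_sysctls "$(uname -r)" ||
        echo "kernel $(uname -r) is below the minimums stated in the thread"
    check_arp_sysctls && echo "lo/all ARP sysctls match the quoted values"
fi
```

With the `echo 2 > .../all/arp_ignore` setting from the first quoted attempt, the audit reports `net.ipv4.conf.all.arp_ignore` as differing from the quoted sysctl.conf.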
