On Thu, 23 Jun 2005, Son Nguyen wrote:
Hello,
I followed the troubleshooting tips here:
http://www.ssi.bg/~ja/TUN-HOWTO.txt
And here is the output:
director# ip route get RIP
RIP via xx.xxx.xx.121 dev eth0 src DIP
cache mtu 1500 advmss 1460
realserver# ip route get from CIP to VIP iif tunl0
local VIP from CIP dev lo src VIP
cache <local> iif tunl0
realserver# more /proc/sys/net/ipv4/conf/all/hidden => 1
realserver# more /proc/sys/net/ipv4/conf/tunl0/hidden => 1

If the realservers are at another location and the router
there doesn't route packets for the VIP to the realservers,
then you don't need to hide the VIP (no packets for the VIP
are ever going to get there).

It looks so far so good to my understanding. However, the traceroute results
don't look good.
realserver# /sbin/arp -d RIP_GATEWAY; traceroute -n -s VIP CIP
traceroute to CIP (CIP) from VIP, 30 hops max, 38 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
Does it mean the realserver's ISP does not allow spoofed packets?

Possibly. Another possibility is that the ISP doesn't route packets
to the VIP so none of the replies come back (they'll be going to the
director), in which case the test I gave in my last e-mail won't work.
Can you listen for the replies on the director?
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!