RE: Netfilter connection tracking support for IPVS

To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Netfilter connection tracking support for IPVS
From: Graeme Fowler <graeme@xxxxxxxxxxx>
Date: Sat, 24 Feb 2007 14:58:50 +0000

Hi all

On Sat, 2007-02-24 at 15:37 +0100, Nicklas Bondesson wrote:
> The real problem is that no matter what VIP the client is accessing they
> always get the same ip source address. This is what I'm trying to solve.


I just re-read the entire thread and I'm now more confused than I was at
the start.

Nicklas, what you seem to be saying is that regardless of the VIP the
client connects to, they get a response from a different IP which never
varies, right?

Forgive me for stating the obvious - that's just broken. Every time (bar
one, which got fixed by fixing the FTP helper) I have set up LVS-NAT with
multiple VIPs, I haven't needed any conntrack stuff for LVS at all. The
very fact that there are multiple VIPs means that (as long as the IPVS
framework is working correctly) the responses from realserver->client
have been caught and un-NATted by LVS. No need for netfilter at all.

In the "raw", unpatched state, do you have LVS debugging enabled? It
might be worth you unpicking the nfct patch and turning on plain ole'
LVS debugging.

