
Re: [lvs-users] IPVS with SNAT support on the kernel 2.6.36 + iptables v

To: Ivan Havlicek <ivan@xxxxxxxxxxx>
Subject: Re: [lvs-users] IPVS with SNAT support on the kernel 2.6.36 + iptables v1.4.10
Cc: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Julian Anastasov <ja@xxxxxx>
Date: Fri, 4 Mar 2011 20:15:45 +0200 (EET)

        Hello,

On Fri, 4 Mar 2011, Ivan Havlicek wrote:

       Also, try to increase the IPVS debug level at least to
10, so that we can see such messages:
IP_VS_DBG_PKT(10, AF_INET, pp, skb, 0, "After DNAT");

I'm afraid that this part of code is never reached !

        I now remember that IP_VS_DBG_PKT uses these
new pr_debug macros, so you can enable the debugging by
adding
#define DEBUG
as first line in net/netfilter/ipvs/ip_vs_proto.c

        then recompile and we can see how the packets look.
We must be sure that the right traffic reaches LOCAL_OUT.

Mar  4 16:52:58 srv1 kernel: IPVS: TCP input  [S...] 10.1.12.11:389->192.168.2.111:45792 state: NONE->SYN_RECV conn->refcnt:2
Mar  4 16:52:58 srv1 kernel: IPVS: Enter: ip_vs_nat_xmit, net/netfilter/ipvs/ip_vs_xmit.c line 394
Mar  4 16:52:58 srv1 kernel: IPVS: Leave: ip_vs_nat_xmit, net/netfilter/ipvs/ip_vs_xmit.c line 448

        Line 448 means LeaveFunction(10) after IP_VS_XMIT
is called, packet is provided to LOCAL_OUT. That means
some packets are DNAT-ed properly by IPVS. If you add
#define DEBUG we can see exactly the IP addresses. But
I assume you do not have other traffic.

       As the server 2 is working, do you have any iptables
rules in OUTPUT hook on server 1?

No, I'v any other iptables rules... (policy ACCEPT by default)

        So, IPVS sends traffic to LOCAL_OUT but it does not
reach POST_ROUTING... And we know that 2.6.36 does not
hook at POST_ROUTING... Can you also add LOG rules in OUTPUT
hook, so that we can see the traffic there.

Regards

--
Julian Anastasov <ja@xxxxxx>
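
One way to add the OUTPUT-hook LOG rules requested above, paired with a POSTROUTING rule and a filter that lists flows logged in OUTPUT but never in POSTROUTING. This is an added example, not part of the original message; RS_IP, RS_PORT, the "LVS-" log prefixes and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. RS_IP, RS_PORT, the log prefixes and SAMPLE_LOG are
# assumptions constructed for illustration, not values from the thread.
RS_IP="${RS_IP:-192.0.2.10}"
RS_PORT="${RS_PORT:-389}"

# Run as root with "I" to insert or "D" to delete the LOG rules. The mangle
# table is used because it sees every packet in both hooks, while the nat
# table is only consulted for the first packet of a connection.
trace_rules() {
    for hook in OUTPUT POSTROUTING; do
        iptables -t mangle "-$1" "$hook" -p tcp -d "$RS_IP" \
            --dport "$RS_PORT" -j LOG --log-prefix "LVS-$hook: "
    done
}

# Read kernel log lines on stdin and print every flow that was logged in
# OUTPUT but never in POSTROUTING.
lost_flows() {
    awk '
        /LVS-(OUTPUT|POSTROUTING): / {
            src = dst = spt = dpt = "?"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DST=/) dst = substr($i, 5)
                if ($i ~ /^SPT=/) spt = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            flow = src ":" spt "->" dst ":" dpt
            if ($0 ~ /LVS-OUTPUT: /) out[flow] = 1; else post[flow] = 1
        }
        END { for (f in out) if (!(f in post)) print f }' | sort
}

# Constructed sample: the first flow reaches both hooks, the second only OUTPUT.
SAMPLE_LOG='kernel: LVS-OUTPUT: IN= OUT=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=389 SYN
kernel: LVS-POSTROUTING: IN= OUT=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=389 SYN
kernel: LVS-OUTPUT: IN= OUT=eth0 SRC=198.51.100.8 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=389 SYN'

printf '%s\n' "$SAMPLE_LOG" | lost_flows
```

Call `trace_rules I` before reproducing the problem, pipe the kernel log through `lost_flows`, then call `trace_rules D` to remove the rules.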