On 23.06.2014 11:57, Anders Henke wrote:
> On 18.06.2014, Stephen Carville wrote:
>> I set up a CentOS 6.5 box to test ipvsadm. So far I have been unable to
>> get it to forward connections. When I try to connect, it doesn't write
>> anything in /var/log/messages to tell me what is happening. Netstat
>> doesn't see anything listening on the interface IP (I read elsewhere
>> that is normal) and tshark sees the incoming SYN but there is either a
>> timeout or a RST.
>>
>> Rules right now:
>>
>> $ ipvsadm -L
>>
>> IP Virtual Server version 1.2.1 (size=4096)
>> Prot LocalAddress:Port Scheduler Flags
>> -> RemoteAddress:Port Forward Weight ActiveConn InActConn
>> TCP 10.212.160.40:4172 lc persistent 360
>> -> 10.212.170.162:4172 Route 1 0 0
>> -> 10.212.170.163:4172 Route 1 0 0
>>
>> IP forwarding is turned on:
>>
>> $ sysctl net.ipv4.ip_forward
>> net.ipv4.ip_forward = 1
>
> Short answer: switch to kernel 3.6 or newer, turn off rp_filter for the
> interface receiving the reply packet, and replace rp_filter functionality by
> more accurate and flexible iptables rules in the FORWARD chain.
Since he is running CentOS 6.5 he can simply set
/proc/sys/net/ipv4/conf/<interface>/accept_local to 1 to prevent packets
from being dropped as martians. This was introduced in 2.6.33 but
backported to recent RHEL/CentOS kernels so no need to go to 3.6 or newer.
You still have to set the rp_filter though since this is a different
issue than the martian packet one.
Regards,
Dennis
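
Added example, not part of the message above or of the LVS project: a shell check of the two settings discussed in this thread, run against the interface that receives the reply packets. It relies on the documented kernel behaviour that the higher of conf/all/rp_filter and conf/<interface>/rp_filter is applied; CONF_ROOT and the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example. CONF_ROOT may point at a copy of the tree for offline tests
# (hypothetical variable; the default is the real procfs location).
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print one knob's value, or "missing" when this kernel does not expose it.
read_knob() {  # $1 = interface or "all", $2 = knob name
    f="$CONF_ROOT/$1/$2"
    if [ -r "$f" ]; then cat "$f"; else echo missing; fi
}

# Source validation uses max(conf/all/rp_filter, conf/<if>/rp_filter),
# so zeroing only the per-interface value is not enough when "all" is 1.
effective_rp_filter() {  # $1 = interface
    a=$(read_knob all rp_filter)
    i=$(read_knob "$1" rp_filter)
    if [ "$a" = missing ]; then a=0; fi
    if [ "$i" = missing ]; then i=0; fi
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# Return 0 when the interface matches the advice in the thread, else 1.
audit_iface() {  # $1 = interface receiving the reply packets
    rc=0
    rp=$(effective_rp_filter "$1")
    al=$(read_knob "$1" accept_local)
    if [ "$rp" -ne 0 ]; then
        echo "$1: rp_filter still in effect (value $rp), check conf/all too"
        rc=1
    fi
    if [ "$al" != 1 ]; then
        echo "$1: accept_local is $al, expected 1"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "$1: rp_filter off, accept_local on"; fi
    return "$rc"
}

# Usage: sh check.sh eth0   (script name and interface are placeholders)
if [ $# -gt 0 ]; then audit_iface "$1"; fi
```

A reported accept_local of "missing" means the running kernel does not expose that setting.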