[lvs-users] ipvsadm and ipchains MASQ

[bobby.moore@xxxxxxxxxxxxx]

|------------------------------------------------------------------------------------|
|                                                                               
     |
| I set up a virtual server using ipvsadm, with the 'masq' parm. I also setup a 
     |
| 'forward' chain to masquerade the packets going through the virtual server. 
The    |
| packets don't get masqueraded.                                                
     |
|                                                                               
     |
| Part of the setup included:                                                   
     |
|                                                                               
     |
| echo 1 > /proc/sys/net/ipv4/ip_forward                                        
     |
| echo 1 > /proc/sys/net/ipv4/ip_always_defrag                                  
     |
|                                                                               
     |
| Also, /etc/sysconfig/networkis...                                             
     |
|                                                                               
     |
| NETWORKING=yes                                                                
     |
| FORWARD_IPV4=yes                                                              
     |
| DEFRAG_IPV4=yes                                                               
     |
| HOSTNAME=hcom1.worldspan.com                                                  
     |
| GATEWAY=172.17.1.250                                                          
     |
|                                                                               
     |
| ipvsadm shows...                                                              
     |
|                                                                               
     |
| [root@hcom1 sysconfig]# ipvsadm                                               
     |
| IP Virtual Server version 0.8.3 (size=4096)                                   
     |
| Protocol LocalAddress:Port Scheduler Flags      -> RemoteAddress:Port         
     |
| Forward Weight ActiveConn InActConnTCP 172.17.206.209:1023 wlc      ->        
     |
| 10.1.51.152:1350      Masq    2      0          0                             
     |
|                                                                               
     |
| My ipchains are...                                                            
     |
| [root@hcom1sysconfig]# ipchains -L forwardChain forward (policy 
ACCEPT):target     |
| prot opt                                                                      
     |
|     source                destination           portsMASQ       tcp  ------   
     |
| 172.17.206.0/24      anywhere             1024:65535 ->   anyMASQ       udp   
     |
| ------  172.17.206.0/24      anywhere             1024:65535 ->   any         
     |
|                                                                               
     |
| My internet client's ip is 172.17.206.91, and it connects to 
172.17.206.209:1023   |
| (s-172.17.206.91 d-172.17.206.209:1023).When the packet is forwarded and 
arrives at|
| my 'real' server the source address in the packet STILL IS 172.17.206.91      
     |
| (s-172.17.206.91d-10.1.51.152:1350).  The virtual server correctly forwarded 
the   |
| packet but didn't masquerade it!                                              
     |
|------------------------------------------------------------------------------------|






Bobby Moore Worldspan
Phone: 770.563.7362 Fax: 770.563.6406
bobby.moore@xxxxxxxxxxxxx


----------------------------------------------------------------------
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe, e-mail: lvs-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxx
For additional commands, e-mail: lvs-users-help@xxxxxxxxxxxxxxxxxxxxxx