Re: Help with redhat 6.1 kernel 2.2.12-20. NAT works. DR doesn't show incom

To: catls <catls@xxxxxxxxx>
Subject: Re: Help with redhat 6.1 kernel 2.2.12-20. NAT works. DR doesn't show incoming packets being transmitted on 2nd iface.
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 11 May 2000 13:00:46 +0300 (EEST)
        Hello,

On Thu, 11 May 2000, catls wrote:

>                                    | 202.142.65.193(This is my isp's server  
>                                    | address.I use dhcp to connect and
>                                    |  obtain it)  
>                                    |
>                                    |
>                                    |  eth1 202.142.65.235 Real IP.External
>                                    |  IP.My clients use this to connect to 
>                                    |   me
>                                    |
>                                    |                          
>                               _____|_______  
>   No patches been installed  |    |__|     |
>   ever on director.          |      __     |
>   Fresh from CD              |_____|__|____|
>   redhat 6.1                         | eth0
>   kernel2.2.12-20                    | 140.141.142.70
>                                      | (Actually should
>                                      | be 192.168 or 10.0 but its been
>                                      | set up before me)
>                                      | INTERNAL IP
>                                      |
>                ______________________|   
>                |
>         _______|_____
>        |             |
>        |_____________|
>        140.141.142.99
>        linux redhat6.1
>        kernel 2.2.12-20  
>        no patches have been installed ever
>        Fresh from CD. 
> 
> I am running masquerading on the director. The commands are
> 
> /sbin/depmod -a
> /sbin/modprobe ip_masq_ftp
> FORWARD_IPV4=true
> echo "1" > /proc/sys/net/ipv4/ip_forward
> echo "1" > /proc/sys/net/ipv4/ip_dynaddr
> /sbin/ipfwadm -M -s 7200 10 160
> /sbin/ipfwadm -F -p deny
> /sbin/ipfwadm -F -a m -S 140.141.0.0/24 -D 0.0.0.0/0
> /sbin/ipchains -A forward -s 140.0.0.0/8 -j MASQ
>  
> Note: IP spoof is off. cat /proc/sys/net/ipv4/conf/all/rp_filter is 0.
> 
> ifconfig info on DIRECTOR.
> 
> eth0      Link encap:Ethernet  HWaddr 00:00:E8:5E:6A:A2
>           inet addr:140.141.142.70  Bcast:140.141.255.255
>           Mask:255.255.0.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:129420 errors:3 dropped:0 overruns:0 frame:0
>           TX packets:132145 errors:53 dropped:0 overruns:0 carrier:106
>           collisions:2785 txqueuelen:100
>           Interrupt:12 Base address:0xe400
> 
> eth1      Link encap:Ethernet  HWaddr 00:00:E8:5E:6C:4F
>           inet addr:202.142.65.235  Bcast:255.255.255.255
>           Mask:255.255.255.0
>           UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:298383 errors:1 dropped:0 overruns:0 frame:0
>           TX packets:266432 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:204 txqueuelen:100
>           Interrupt:11 Base address:0xe800
> 
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:3924  Metric:1
> 
> Director routing table
> 
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use
> 140.141.142.70  *               255.255.255.255 UH    0      0        0
> 202.142.65.0    *               255.255.255.0   U     0      0        0
> 140.141.0.0     *               255.255.0.0     U     0      0        0
> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
> default         202.142.65.193  0.0.0.0         UG    0      0        0
> 
> Ipvsadm commands run on director. I am using the default ipvsadm that comes
> with the RedHat CD. Piranha 0.2.1
> 
> It is version 1.3
> 
> ipvsadm -A -t 202.142.65.235:25 -s rr
> ipvsadm -a -t 202.142.65.235:25 -r 140.141.142.99 -g -w 1
> 
> 
> 
> On the realserver.
> 
> ifconfig output is
> 
> 
> eth0      Link encap:Ethernet  HWaddr 00:20:18:2D:C8:43
>           inet addr:140.141.142.99  Bcast:140.141.142.255
>           Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:115 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           Interrupt:10 Base address:0xe800
> 
> eth0:1    Link encap:Ethernet  HWaddr 00:20:18:2D:C8:43
>           inet addr:202.142.65.235  Bcast:202.142.65.255
>           Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           Interrupt:10 Base address:0xe800
> 

        Oh! Why on eth0:1. OK.

> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:3924  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
> 
> Route output of realserver is
> 
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use
> 140.141.142.99  *               255.255.255.255 UH    0      0        0
> 140.141.142.0   *               255.255.255.0   U     0      0        0
> 202.142.65.0    *               255.255.255.0   U     0      0        0
> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
> default         140.141.142.70  0.0.0.0         UG    0      0        0

        Wait! What is this? Director used as def gw in Direct route mode?
If you don't play with the policy routing you can't achieve that. Your
packets can't go from the real server through the Director with saddr=VIP.

> 
> When I try to connect to 202.142.65.235 via telnet 202.142.65.235 25 FROM
> THE INTERNET it just sits and waits until timeout.
> 
> I ran tcpdump on the director interfaces and on the realserver interface.
> The packets from the internet reach the director on eth1 but I don't see
> any packets from the director going to the client. The client interface
> dump also doesn't show anything.
> I am not very conversant with tcpdump so I can't be very sure.
> 
> NOTE:
> I AM TRYING OUT LARS METHOD AND SENDING PACKETS OUT OF THE DIRECTOR
> INTERFACE ITSELF.

        How do you use this method? You must stop IDENT in the
mail servers too, when in Direct route mode.

> 
> NAT however works perfectly.

        Use NAT! Is that a problem?

> Hope you can help me.
> 


Regards

--
Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx>
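
The mismatch pointed out in the reply above, as an added example that is not part of the original message: a small Python check that reads the quoted ipvsadm commands and the real server's `route` output and flags a real server scheduled with `-g` (direct routing) whose default gateway is the director. The function names are hypothetical; the sample input is copied from the configuration quoted in the message.

```python
# Added example. Inputs are copied from the configuration quoted in the message.
IPVSADM_CMDS = """\
ipvsadm -A -t 202.142.65.235:25 -s rr
ipvsadm -a -t 202.142.65.235:25 -r 140.141.142.99 -g -w 1
"""
REALSERVER_ROUTES = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use
140.141.142.99  *               255.255.255.255 UH    0      0        0
140.141.142.0   *               255.255.255.0   U     0      0        0
202.142.65.0    *               255.255.255.0   U     0      0        0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         140.141.142.70  0.0.0.0         UG    0      0        0
"""
DIRECTOR_IPS = {"140.141.142.70", "202.142.65.235"}  # director eth0 and eth1


def dr_services(cmds):
    """Map real server IP -> VIP for servers added with -g (direct routing)."""
    found = {}
    for line in cmds.splitlines():
        tok = line.split()
        if all(flag in tok for flag in ("-a", "-t", "-r", "-g")):
            vip = tok[tok.index("-t") + 1].rsplit(":", 1)[0]
            rip = tok[tok.index("-r") + 1].rsplit(":", 1)[0]
            found[rip] = vip
    return found


def default_gateway(route_output):
    """Return the gateway of the default route in `route` output, or None."""
    for line in route_output.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] in ("default", "0.0.0.0") and "G" in f[3]:
            return f[1]
    return None


def check_realserver(rip, cmds, route_output, director_ips):
    """Flag a direct-routing real server whose replies are routed via the director."""
    vip = dr_services(cmds).get(rip)
    gw = default_gateway(route_output)
    if vip and gw in director_ips:
        return [f"{rip}: added with -g but default gw {gw} is the director; "
                f"replies with saddr={vip} cannot pass through it "
                f"without policy routing"]
    return []


if __name__ == "__main__":
    for msg in check_realserver("140.141.142.99", IPVSADM_CMDS,
                                REALSERVER_ROUTES, DIRECTOR_IPS):
        print(msg)
```
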


