We're trying to set up a NAT config using a 2.4.0 based director, but are
having some difficulty in getting it working. The same config and hardware
works okay with a 2.2 based director and we did get a 2.4 based DR config
working.
Here is a summary of the config:
Realserver     Director (2 nics)          Client
10.1.19.6      10.1.19.20/10.1.20.20      10.1.20.2
               10.1.20.110 (VIP)
What appears to be happening is that the client cannot establish a connection
because we are not properly masquerading the packets on the director.
The following is an edited tcpdump between the director and the client:
10.1.20.2.10879 > 10.1.20.110.www: S 3255945988:3255945988(0)
10.1.20.20.61000 > 10.1.20.2.10879: S 3741066366:3741066366(0) ack 3255945989
10.1.20.2.10879 > 10.1.20.20.61000: R 3255945989:3255945989(0)
It seems that the acknowledgment of the SYN should be masqueraded from
the VIP:80 rather than the DIP. Here is a working sequence with a 2.2
based director:
10.1.20.2.10875 > 10.1.20.110.www: S 66728561:66728561(0)
10.1.20.110.www > 10.1.20.2.10875: S 559632467:559632467(0) ack 66728562
10.1.20.2.10875 > 10.1.20.110.www: . 1:1(0) ack 1
We are using the ipchains.o module in the netfilter module, i.e. not
the ip_nat code. Here is the ipchains command we used (which works under
2.2):
ipchains -A forward -j MASQ -s 10.1.19.0/24 -d 0.0.0.0/0
Any suggestions / advice would be greatly appreciated.
Thanks,
Pat
--
Patrick O'Rourke
orourke@xxxxxxxxxxxxxxxxxxxxxxxx
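
An added example, not part of the original post: a small checker for the symptom shown in the two traces above. It pairs each SYN with its SYN-ACK by sequence number and flags replies whose source differs from the address the SYN was sent to. The function names are hypothetical and the parser assumes the abbreviated tcpdump format quoted in the post.

```python
import re

# Matches the abbreviated tcpdump lines quoted in the post:
#   src.port > dst.port: FLAGS seq:seq(len) [ack N]
LINE = re.compile(
    r"^(?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFRP.]+) "
    r"(?P<seq>\d+):\d+\(\d+\)(?: ack (?P<ack>\d+))?"
)

def parse(line):
    """Return a dict for one trace line, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["seq"] = int(d["seq"])
    d["ack"] = int(d["ack"]) if d["ack"] else None
    return d

def check_handshakes(lines):
    """Return one (verdict, syn_dst, synack_src) tuple per matched SYN-ACK."""
    pending = {}   # (client endpoint, ISN + 1) -> endpoint the SYN was sent to
    results = []
    for pkt in filter(None, map(parse, lines)):
        if "S" in pkt["flags"] and pkt["ack"] is None:
            pending[(pkt["src"], pkt["seq"] + 1)] = pkt["dst"]
        elif "S" in pkt["flags"]:
            syn_dst = pending.pop((pkt["dst"], pkt["ack"]), None)
            if syn_dst is not None:
                verdict = "ok" if syn_dst == pkt["src"] else "source-mismatch"
                results.append((verdict, syn_dst, pkt["src"]))
    return results

# Traces copied from the post (2.4 director failing, 2.2 director working).
BROKEN_24 = """\
10.1.20.2.10879 > 10.1.20.110.www: S 3255945988:3255945988(0)
10.1.20.20.61000 > 10.1.20.2.10879: S 3741066366:3741066366(0) ack 3255945989
10.1.20.2.10879 > 10.1.20.20.61000: R 3255945989:3255945989(0)
""".splitlines()
WORKING_22 = """\
10.1.20.2.10875 > 10.1.20.110.www: S 66728561:66728561(0)
10.1.20.110.www > 10.1.20.2.10875: S 559632467:559632467(0) ack 66728562
10.1.20.2.10875 > 10.1.20.110.www: . 1:1(0) ack 1
""".splitlines()

if __name__ == "__main__":
    for name, trace in (("2.4", BROKEN_24), ("2.2", WORKING_22)):
        print(name, check_handshakes(trace))
```

A "source-mismatch" verdict corresponds to the case where the client answers with a reset, since the SYN-ACK does not belong to any connection it opened.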