Hello,
On Wed, 21 Mar 2001, Gargamel Jonez wrote:
> This is my first post to the list. I use ipvsadm for staging/preproduction
> environments at my work. What a cool package!
>
> I began using the FW Mark to create groupings for virtual servers, and I
> noticed a problem with port translation. Here's the environment:
>
> Linux 2.4.2 / IPVS 0.2.5 / ipvsadm 1.15 / IPTables 1.2
>
> First I made an IPTables entry:
>
> iptables -t mangle -A PREROUTING -d 10.1.2.25 -p tcp --dport 443 -j MARK --set-mark 25
>
> then the corresponding ipvs entry:
>
> ipvsadm -A -f 25 -p -s rr
> ipvsadm -a -f 25 -r s11-vpn:448 -m
> ipvsadm -a -f 25 -r s26-vpn:448 -m
>
> As you can see it translates from port 448 <-> 443. With persistence turned
> off, it works exactly as expected. With persistence on, it does not translate
> the port - i.e. it hits the real servers on port 443 instead of 448. There are
> not conflicting rules BTW. Is this a bug or am I overlooking something?

Bug. The patch against 0.2.5/0.2.6 is attached. Please test!

> The reason I am using 2.4.2/iptables/IPVS 0.2.5 BTW is because with ipchains
> and ipvs-1.0.3 I could not use the DNAT target to ssh into my real servers.
> I made an ipvsadm port 22 target (persistent) to them, but even when I set
> the persistent timeout to an ungodly huge number the connections still timed
> out and froze the ssh connection in a matter of minutes.
>
> Rob

Regards
--
Julian Anastasov <ja@xxxxxx>
fwmnat-1.diff
Description: FWM-NAT fix, v1, against 0.2.6