Julian Anastasov <ja@xxxxxx> writes:
> On 16 Aug 2001, Kjetil Torgrim Homme wrote:
>
> > The director has two network interfaces, one public and one
> > private. The two real servers are connected to a hub in the
> > private net. There are no firewall rules. The masquerading is
> > set up using ipchains.
> >
> > ipchains -A forward -j MASQ -s 10.218.128.0/24 -d 0.0.0.0/0
> >
> > The problem: The request from the outside goes into the director,
> > is masqueraded and passed on, and the real server sends a reply.
> > Unfortunately, the reply is not demasqueraded and it gets dropped.
>
> Why is it dropped? OUTPUT rule? rp_filter-ed?

The forward rule is the only rule (yet :-), no fancy stuff.

> You have to read
> http://www.linuxvirtualserver.org/~julian/L4-NAT-HOWTO.txt You can
> report if you discover a new reason for NAT problems. It is always
> interesting when someone is hit by a new problem.

Okay, I will do that.

> Wow. Can happen sometimes in tests. This is a usual setup and
> I can't believe that the kernel could be broken. I don't remember
> any 2.4 bugs in the ipchains compat modules. There is a wrong
> route call but it is copied from the 2.2.x (x<14) age.

Alright. I have heard varying reports on which versions of 2.4.x to
avoid... I guess I should at least try the 2.4.3 RH errata and
perhaps 2.4.9 with ipvs 0.8.1.

Thank you for your reply!

Kjetil T.