routing problem on RS in lvs_nat

[<malalon@xxxxxxxxxxxxxx>]

Hello.

I'm trying to set up lvs nat on my network.
My config was:
12 PCs (kernel 2.2.19, ipvs-1.0.8-2.2.19) with IPs 194.29.167.60 ... 72, mask 
255.255.255.128, GW 194.29.167.126.

I've chnged one PC's IP to be a RealServer to 192.168.1.2 and one to be a 
Director to 192.168.1.1.

When I run rc.lvs_nat on RS it says: "the path to the director's default gw 
does not go through the director", but when I run traceroute everything looks 
ok (see below).

What is the problem, can anyone help me?

Malalon

*************************************

My lvs_nat.conf:

LVS_TYPE=VS_NAT
INITIAL_STATE=on  
VIP=eth0:110 194.29.167.69 255.255.255.128 194.29.167.127
DIRECTOR_INSIDEIP=eth0 192.168.1.1 192.168.1.0 255.255.255.128 192.168.1.127
DIRECTOR_DEFAULT_GW=194.29.167.126
SERVICE=t telnet rr 192.168.1.2:telnet 
SERVER_NET_DEVICE=eth0


*********************************************

rc.lvs_nat on Director

looking for standard utilities
$IPCHAINS=/sbin/ipchains
$PING=/bin/ping -c 1
$IFCONFIG=/sbin/ifconfig
$NETSTAT=/bin/netstat
$ROUTE=/sbin/route
$AWK=/usr/bin/awk
$AWK=/bin/awk
fping not found, using ping instead
$FPING=/bin/ping -c 1
done
LVS director 

clearing ipchain rules 
turn on ip forwarding



adding ethernet device and routing for VIP 194.29.167.69 
listing ifconfig info for VIP 194.29.167.69 
eth0:110  Link encap:Ethernet  HWaddr 00:C0:4F:B4:2B:06  
          inet addr:194.29.167.69  Bcast:194.29.167.255  Mask:255.255.255.128
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:11 Base address:0xdcc0 

checking VIP 194.29.167.69 is reachable from self (director): PING 
194.29.167.69 (194.29.167.69) from 194.29.167.69 : 56(84) bytes of data.
64 bytes from 194.29.167.69: icmp_seq=0 ttl=255 time=0.2 ms

--- 194.29.167.69 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.2/0.2/0.2 ms
listing routing info for VIP 194.29.167.69 
194.29.167.69   0.0.0.0         255.255.255.255 UH        0 0          0 eth0

 
installing LVS services with ipvsadm
checking if server 192.168.1.2 is reachable from director: PING 192.168.1.2 
(192.168.1.2) from 192.168.1.1 : 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=0 ttl=255 time=0.6 ms

--- 192.168.1.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.6/0.6/0.6 ms
 
displaying ipvsadm settings 
IP Virtual Server version 1.0.8 (size=4096)                    
Prot LocalAddress:Port Scheduler Flags                         
  -> RemoteAddress:Port             Forward Weight ActiveConn InActConn
TCP  lab4-9.ia.pw.edu.pl:telnet rr
  -> net02.ia.pw.edu.pl:telnet      Masq    1      0          0         

installing ipchain rules
masquerading tcp 192.168.1.2:telnet:tcp to outside world
ipchain rules 
Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
target     prot opt     source                destination           ports
MASQ       tcp  ------  net02.ia.pw.edu.pl   anywhere              telnet ->   
any
Chain output (policy ACCEPT):

 
changing default gw to 194.29.167.126
showing routing table
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.1     0.0.0.0         255.255.255.255 UH        0 0          0 eth0
194.29.167.69   0.0.0.0         255.255.255.255 UH        0 0          0 eth0
194.29.167.0    0.0.0.0         255.255.255.128 U         0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.128 U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         194.29.167.126  0.0.0.0         UG        0 0          0 eth0

checking if DEFAULT_GW 194.29.167.126 is reachable - PING 194.29.167.126 
(194.29.167.126) from 194.29.167.69 : 56(84) bytes of data.64 bytes from 
194.29.167.126: icmp_seq=0 ttl=30 time=2.6 ms--- 194.29.167.126 ping statistics 
---1 packets transmitted, 1 packets received, 0% packet lossround-trip 
min/avg/max = 2.6/2.6/2.6 ms, good
 
checking for valid server_gw 
default gw for the vs-nat servers is on director, good 


*****************************************

rc.lvs_nat on RealServer

looking for standard utilities
$IPCHAINS=/sbin/ipchains
$PING=/bin/ping -c 1
$IFCONFIG=/sbin/ifconfig
$NETSTAT=/bin/netstat
$ROUTE=/sbin/route
$AWK=/usr/bin/awk
$AWK=/bin/awk
fping not found, using ping instead
$FPING=/bin/ping -c 1
done

 
changing default gw to 192.168.1.1
showing routing table
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.2     0.0.0.0         255.255.255.255 UH        0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.128 U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0

checking if DEFAULT_GW 192.168.1.1 is reachable - PING 192.168.1.1 
(192.168.1.1) from 192.168.1.2 : 56(84) bytes of data.64 bytes from 
192.168.1.1: icmp_seq=0 ttl=255 time=10.9 ms--- 192.168.1.1 ping statistics 
---1 packets transmitted, 1 packets received, 0% packet lossround-trip 
min/avg/max = 10.9/10.9/10.9 ms, good
LVS realserver type vs-nat 

 
looking for DIIP 192.168.1.1 
PING 192.168.1.1 (192.168.1.1) from 192.168.1.2 : 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=0.5 ms

--- 192.168.1.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.5/0.5/0.5 ms
found, good
not local, good 


looking for VIP on director from realserver
director is accepting packets on network device eth0:110
VIP not on real-server at this stage
VIP will be on director
pinging VIP
PING 194.29.167.69 (194.29.167.69) from 192.168.1.2 : 56(84) bytes of data.
64 bytes from 194.29.167.69: icmp_seq=0 ttl=255 time=0.5 ms

--- 194.29.167.69 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.5/0.5/0.5 ms
194.29.167.69 found, good. It's not on this real-server, assume it's on the 
director. 

checking default routing for vs-nat realserver 
packets to director's default gw should go through director.
(this test will return quickly if the routing is wrong for VS-NAT,)
(will return in about 2 secs if setup correctly,)
(and will hang if the routing is deranged.)
Is director's default gw 2 hops away and is director one hop away on the path 
to the director's gw?
error: the path to the director's default gw does not go through the director. 
hops to director's gw       2 
hops to director  
this vs-nat LVS will not work.
you can fix this by changing the IP's, networks and routing of the LVS.
1. the network for the realservers must be private.
2. the default gw for the realservers must be the director.
3. a route to the director is not good enough, it won't work, the director must 
be the default gw.
4. the realservers must not have any other routes to the client.
(Some routing problems are fixed by rerunning the script.)
 
To help debug the problem, here's the output of netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.2     0.0.0.0         255.255.255.255 UH        0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.128 U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0

*****************************************************
 
Traceroute -n -s 192.168.1.2 194.29.167.126

 1  192.168.1.1  0.646 ms  0.475 ms  0.465 ms
 2  194.29.167.126  2.511 ms  1.690 ms  1.670 ms