|
I'm using ipvs-0.8.1
-----------------------------
On the realserver I've tried both:
tcpdump -ln host dip
and
tcpdump -ln host vip
and just a plain tcpdump
All show no packets hitting the realserver.
------------------------------
From your help page:
Here is a tcpdump -ln host CLIENT_IP run from the director:
tcpdump -ln host 216.163.xxx.2
tcpdump: listening on eth0
21:20:04.474146 216.163.xxx.2.4100 > 216.163.xxx.4.25: S
2673731144:2673731144(0) win 16060 <mss 1460,sackOK,timestamp
712873306[|tcp]> (DF) [tos 0x10]
21:20:07.471979 216.163.xxx.2.4100 > 216.163.xxx.4.25: S
2673731144:2673731144(0) win 16060 <mss 1460,sackOK,timestamp
712873606[|tcp]> (DF) [tos 0x10]
21:20:09.471980 arp who-has 216.163.xxx.4 tell 216.163.xxx.2
21:20:09.471998 arp reply 216.163.xxx.4 is-at 0:d0:a8:0:3c:eb
21:20:13.472020 216.163.xxx.2.4100 > 216.163.xxx.4.25: S
2673731144:2673731144(0) win 16060 <mss 1460,sackOK,timestamp
712874206[|tcp]> (DF) [tos 0x10]
21:20:25.472089 216.163.xxx.2.4100 > 216.163.xxx.4.25: S
2673731144:2673731144(0) win 16060 <mss 1460,sackOK,timestamp
712875406[|tcp]> (DF) [tos 0x10]
6 packets received by filter
0 packets dropped by kernel
Q.3 Is the traffic forwarded from the LVS box, in both directions?
I think I fall under:
A.4 All packets from the client are dropped (since it never seems to go to
the realserver)
- the requests are received on wrong interface with rp_filter
protection
- firewall rules drop the requests
I don't have any other firewall rules setup other then the masquerading.
I don't know what rp_filter protection is, can you explain the first reason
for failure there?
-----Original Message-----
From: Julian Anastasov [mailto:ja@xxxxxx]
Sent: Thursday, September 06, 2001 8:09 PM
To: Jeremy Kusnetz
Cc: 'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'
Subject: Re: SYN_RECV LVS_NAT on 2.4.7 kernel
Hello,
On Thu, 6 Sep 2001, Jeremy Kusnetz wrote:
> Hey all, hope you can help I'm going crazy here.
>
> I've had LVS_NAT working on 2.2 kernel environment with no problems for
> awhile.
>
> I've recently upgrade to a 2.4.7 kernel and had LVS_NAT working on it for
> awhile on my development environment. At that time I just had one
director
> box, and one realserver. I decided to add another realserver, while doing
> so I gave the new realserver the IP address of the old one, and the old
one
> new IP addresses. I also restarted the director after the upgrades. Now
> when trying to connect from a client it just hangs.
>
> My setup:
> Client: 216.163.XXX.2 Box 1
>
> VIP: 216.163.XXX.4 eth0 Box2
> DIP: 10.75.0.1 eth1
>
> RIP 10.75.0.11 and 10.75.32.11 Box 3
>
> 10.75.0.1 is the gateway for the realservers, I can ping the VIP from the
> realservers.
>
> I've tried masquerading with iptables:
> /usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.75.0.0/16 -d
0.0.0.0/0
> -o eth0 -j MASQUERADE
If you have such iptables rule then you can try your setup
with the commands specified here:
http://www.linux-vs.org/~julian/L4-NAT-HOWTO.txt
> With this setup I can ping the world on my realservers.
Very strange
> I've also tried it without seting up the masquerading.
>
> LVS is set up as:
And what is the LVS version?
> /sbin/modprobe ip_vs_rr
> ipvsadm -C
> ipvsadm -A -t 216.163.XXX.4:25 -s rr
> ipvsadm -a -t 216.163.XXX.4:25 -R 10.75.0.11:25 -m
> ipvsadm -a -t 216.163.XXX.4:25 -R 10.75.32.11:25 -m
>
> On the director when doing a ipvsadm -l -c
> # ipvsadm -l -c
> IPVS connection entries
> pro expire state source virtual destination
>
> TCP 00:58.17 SYN_RECV 216.163.XXX.2:3713 216.163.XXX.4:smtp
> 10.75.0.11:smtp
>
> Which I think means that it's not getting any response from the
realservers.
> I've done tcpdumps on the realservers and I'm not getting any traffic from
> the director, but from the director I can talk to the RIP's service and it
> works like expected.
Hm, are you sure you don't miss the traffic, what is the
tcpdump command?
> I've gone back and removed the new realserver and re-IPed back to the way
> things were and I'm still having the same problem.
>
> HELP!
Regards
--
Julian Anastasov <ja@xxxxxx>
|
