On Mon, 25 Nov 2002, Julian Anastasov wrote:
> > Nov 22 09:11:27 kaa kernel: IN= OUT=eth0 SRC=192.168.0.1 DST=12.34.56.78
> > LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=12467 DF PROTO=TCP SPT=80 DPT=6414
> > WINDOW=6432 RES=0x00 ACK URGP=0
>
> Source from 192.168.0.1, it is not clear why this reply
> has such source, nobody should change the daddr of the original request
> packet, you are using LocalNode method. As for the real servers
> you can expect to see such packets in LOCAL_OUT because you have
> REDIRECT method:
I'm afraid I do not understand. Are you trying to tell me this is a
(known) side effect of using the redirect approach?
> > I'm using the iptables redirect method:
> >
> > iptables -t nat -A PREROUTING -i eth1 -p tcp -d $VIP --dport 80 -j REDIRECT
>
> I assume you don't have this rule on the director.
Actually I do have this rule on the director just to make sure the four
machines are identical to each other. I want to be able to pick any of the
four machines to act as a director. I am aware of the fact that this can
cause performance trouble... This iptables rule however will never be used
on the director because there will never be packets destined for the VIP
arriving at eth1 (private interface) on the director.
--
Matthijs van der Klip, Unix Beheerder
Publieke Omroep Internet Beheer
Gateway C -- Kamer 107 -- 035 6774252