Hello,
On Mon, 25 Nov 2002, Matthijs van der Klip wrote:
> > Source from 192.168.0.1, it is not clear why this reply
> > has such source, nobody should change the daddr of the original request
> > packet, you are using LocalNode method. As for the real servers
> > you can expect to see such packets in LOCAL_OUT because you have
> > REDIRECT method:
>
> I'm afraid I do not understand. Are you trying to tell me this is a
> (known) side effect of using the redirect approach?
No, this is the way the REDIRECT method is working in 2.4,
it uses NAT. IIRC:
- change daddr in PRE_ROUTING for out->in packets (requests)
- change saddr in POST_ROUTING for in->out packets (replies)
So, on the real servers it is ok to see 192.168.0.X as
saddr in LOCAL_OUT, for the director I don't know why this happens,
LocalNode does not change daddr to 192.168.0.1 in the incoming packet.
Maybe it can happen during real server/DR mode change. IPVS determines
the forwarding method on configuration (add/edit RS). So, if you
change the box mode IPVS can not detect this change and can not
switch between LocalNode/DR. You have to reconfigure IPVS on mode
change. IPVS also can not detect device events (add/del IP, etc).
> > I assume you don't have this rule on the director.
>
> Actually I do have this rule on the director just to make sure the four
> machines are identical to each other. I want to be able to pick any of the
> four machines to act as a director. I am aware of the fact that this can
> cause performance trouble... This iptables rule however will never be used
> on the director because there will never be packets destined for the VIP
> arriving at eth1 (private interface) on the director.
Then I don't know who changes daddr to 192.168.0.1, it can
happen only if REDIRECT receives packet on eth1.
Regards
--
Julian Anastasov <ja@xxxxxx>
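
Added example, not part of the original message: a toy Python model of the REDIRECT NAT steps described above, showing why a reply carries the interface address as saddr in LOCAL_OUT and the VIP again after POST_ROUTING. The VIP, the client and interface addresses, the eth1-only rule and all class and function names are assumptions made for illustration.

```python
# Toy model of the 2.4 REDIRECT path: daddr rewritten in PRE_ROUTING,
# saddr restored in POST_ROUTING. All addresses are constructed samples.
from dataclasses import dataclass, replace

VIP = "10.0.0.100"                    # assumed virtual IP
IFACE_ADDR = {"eth1": "192.168.0.2"}  # assumed: REDIRECT rule matches only on eth1

@dataclass(frozen=True)
class Packet:
    saddr: str
    sport: int
    daddr: str
    dport: int

class RedirectNat:
    def __init__(self):
        self.conntrack = {}  # reply tuple -> original daddr of the request

    def pre_routing(self, pkt, in_iface):
        """Requests: rewrite daddr from the VIP to the receiving interface's address."""
        if pkt.daddr != VIP or in_iface not in IFACE_ADDR:
            return pkt  # rule does not match, packet is left alone
        new = replace(pkt, daddr=IFACE_ADDR[in_iface])
        # Remember the mapping under the tuple the local reply will carry.
        self.conntrack[(new.daddr, new.dport, new.saddr, new.sport)] = pkt.daddr
        return new

    def local_out(self, pkt):
        """Replies are not rewritten here; this is what a LOCAL_OUT log shows."""
        return pkt

    def post_routing(self, pkt):
        """Replies: put the original daddr (the VIP) back as saddr."""
        orig = self.conntrack.get((pkt.saddr, pkt.sport, pkt.daddr, pkt.dport))
        return replace(pkt, saddr=orig) if orig else pkt

def trace(in_iface):
    """Return (request as delivered, reply at LOCAL_OUT, reply after POST_ROUTING)."""
    nat = RedirectNat()
    request = Packet("203.0.113.7", 40000, VIP, 80)  # constructed client request
    delivered = nat.pre_routing(request, in_iface)
    # The local socket answers from whatever address the request was delivered to.
    reply = Packet(delivered.daddr, delivered.dport, delivered.saddr, delivered.sport)
    return delivered, nat.local_out(reply), nat.post_routing(reply)

if __name__ == "__main__":
    for iface in ("eth1", "eth0"):
        print(iface, *trace(iface), sep="\n  ")
```

In this model a request entering on eth0 never matches the rule, so 192.168.0.2 never appears as saddr in LOCAL_OUT for it.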