>Did you switch off KeepAlive in Apache's conf?
KeepAlive was on on Machine 1, it's now off.
> Definitely better! But the DGW should, in your case, be 192.168.0.254
> (actually what you've set nat_router to in lvs.cf).
Corrected
>> I ran:
>> iptables -t nat -A POSTROUTING -s 192.168.0.41 -j MASQUERADE
>Why did you do that? You should not need that, at least for the first
>shot.
It was in the HOWTO under a checklist for NAT based LVS.
> That's what I think too. Did you check /proc/sys/net/ipv4/ip_forward,
> which should (check the howto) be set to 1.
It was 0 on machine 2, now 1, and still not working :(
> Run a few tcpdumps on all concerned hosts and you'll certainly find some
> interesting info to give us :)
Running:
tcpdump -i eth1 host \(192.168.0.41 and 192.168.0.43\) or \(192.168.0.41 and 10.122.16.48\) or \(192.168.0.43 and 10.122.16.48\)
On Machine 2 gives loads of stuff along these lines (10.122.16.48 is the
client):
17:05:12.958440 10.122.16.48.2834 > 192.168.0.43.http: S
1517013414:1517013414(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:05:12.958440 192.168.0.43.http > 10.122.16.48.2834: S
81723191:81723191(0) ack 1517013415 win 5840 <mss 1460,nop,nop,sackOK> (DF)
17:05:14.618440 192.168.0.43.http > 10.122.16.48.2834: S
81723191:81723191(0) ack 1517013415 win 5840 <mss 1460,nop,nop,sackOK> (DF)
17:05:14.698440 192.168.0.41.1023 > 192.168.0.43.shell: S
4234455982:4234455982(0) win 5840 <mss 1460,sackOK,timestamp 2527022
0,nop,wscale 0> (DF)
17:05:14.698440 192.168.0.43.shell > 192.168.0.41.1023: R 0:0(0) ack
33049984 win 0 (DF)
17:05:18.968440 10.122.16.48.2834 > 192.168.0.43.http: S
1517013414:1517013414(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:05:18.968440 192.168.0.43.http > 10.122.16.48.2834: S
81723191:81723191(0) ack 1517013415 win 5840 <mss 1460,nop,nop,sackOK> (DF)
17:05:20.618440 192.168.0.43.http > 10.122.16.48.2834: S
81723191:81723191(0) ack 1517013415 win 5840 <mss 1460,nop,nop,sackOK> (DF)
17:05:30.708440 192.168.0.41.1023 > 192.168.0.43.shell: S
4250465984:4250465984(0) win 5840 <mss 1460,sackOK,timestamp 2528623
0,nop,wscale 0> (DF)
17:05:30.708440 192.168.0.43.shell > 192.168.0.41.1023: R 0:0(0) ack
49059986 win 0 (DF)
17:05:31.018440 192.168.0.43.http > 10.122.16.48.2832: S
59179863:59179863(0) ack 1510563931 win 5840 <mss 1460,nop,nop,sackOK> (DF)
17:05:32.618440 192.168.0.43.http > 10.122.16.48.2834: S
81723191:81723191(0) ack 1517013415 win 5840 <mss 1460,nop,nop,sackOK> (DF)
17:05:35.618440 192.168.0.43.http > 10.122.16.48.2830: S
29109222:29109222(0) ack 1499804650 win 5840 <mss 1460,nop,nop,sackOK> (DF)
17:05:36.708440 192.168.0.41 > 192.168.0.43: icmp: echo request (DF)
17:05:36.708440 192.168.0.43 > 192.168.0.41: icmp: echo reply
17:05:36.708440 192.168.0.41.4049 > 192.168.0.43.http: S
4255791755:4255791755(0) win 5840 <mss 1460,sackOK,timestamp 2529223
0,nop,wscale 0> (DF)
17:05:36.708440 192.168.0.43.http > 192.168.0.41.4049: S
114781870:114781870(0) ack 4255791756 win 5792 <mss 1460,sackOK,timestamp
9765468 2529223,nop,wscale 0> (DF)
17:05:36.708440 192.168.0.41.4049 > 192.168.0.43.http: . ack 1 win 5840
<nop,nop,timestamp 2529223 9765468> (DF)
17:05:36.708440 192.168.0.41.4049 > 192.168.0.43.http: P 1:19(18) ack 1 win
5840 <nop,nop,timestamp 2529223 9765468> (DF)
17:05:36.708440 192.168.0.43.http > 192.168.0.41.4049: . ack 19 win 5792
<nop,nop,timestamp 9765468 2529223> (DF)
17:05:36.718440 192.168.0.43.http > 192.168.0.41.4049: P 1:409(408) ack 19
win 5792 <nop,nop,timestamp 9765469 2529223> (DF)
17:05:36.718440 192.168.0.43.http > 192.168.0.41.4049: F 409:409(0) ack 19
win 5792 <nop,nop,timestamp 9765469 2529223> (DF)
17:05:36.718440 192.168.0.41.4049 > 192.168.0.43.http: . ack 409 win 6432
<nop,nop,timestamp 2529223 9765469> (DF)
17:05:36.718440 192.168.0.41.4049 > 192.168.0.43.http: R 19:19(0) ack 410
win 6432 <nop,nop,timestamp 2529223 9765469> (DF)
On the director, this clip includes a fetch from the director machine's
Apache, and an attempted fetch from the plain Apache machine:
tcpdump: listening on eth1
18:12:36.381487 192.168.0.41 > 192.168.0.43: icmp: echo request (DF)
18:12:36.381487 192.168.0.41.4061 > 192.168.0.43.http: S
63054156:63054156(0) win 5840 <mss 1460,sackOK,timestamp 2539035
0,nop,wscale 0> (DF)
18:12:36.381487 192.168.0.43 > 192.168.0.41: icmp: echo reply
18:12:36.381487 192.168.0.43.http > 192.168.0.41.4061: S
211316948:211316948(0) ack 63054157 win 5792 <mss 1460,sackOK,timestamp
9775281 2539035,nop,wscale 0> (DF)
18:12:36.381487 192.168.0.41.4061 > 192.168.0.43.http: . ack 1 win 5840
<nop,nop,timestamp 2539035 9775281> (DF)
18:12:36.381487 192.168.0.41.4061 > 192.168.0.43.http: P 1:19(18) ack 1 win
5840 <nop,nop,timestamp 2539035 9775281> (DF)
18:12:36.381487 192.168.0.43.http > 192.168.0.41.4061: . ack 19 win 5792
<nop,nop,timestamp 9775281 2539035> (DF)
18:12:36.381487 192.168.0.43.http > 192.168.0.41.4061: P 1:409(408) ack 19
win 5792 <nop,nop,timestamp 9775281 2539035> (DF)
18:12:36.381487 192.168.0.41.4061 > 192.168.0.43.http: . ack 409 win 6432
<nop,nop,timestamp 2539035 9775281> (DF)
18:12:36.381487 192.168.0.43.http > 192.168.0.41.4061: F 409:409(0) ack 19
win 5792 <nop,nop,timestamp 9775281 2539035> (DF)
18:12:36.381487 192.168.0.41.4061 > 192.168.0.43.http: R 19:19(0) ack 410
win 6432 <nop,nop,timestamp 2539035 9775281> (DF)
18:12:38.891487 <client>.2840 > 192.168.0.43.http: S
1549076285:1549076285(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
18:12:38.891487 192.168.0.43.http > <client>.2840: S 215676260:215676260(0)
ack 1549076286 win 5840 <mss 1460,nop,nop,sackOK> (DF)
18:12:41.881487 <client>.2840 > 192.168.0.43.http: S
1549076285:1549076285(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
18:12:41.881487 192.168.0.43.http > <client>.2840: S 215676260:215676260(0)
ack 1549076286 win 5840 <mss 1460,nop,nop,sackOK> (DF)
18:12:42.381487 192.168.0.41 > 192.168.0.43: icmp: echo request (DF)
18:12:42.381487 192.168.0.41.4063 > 192.168.0.43.http: S
72519701:72519701(0) win 5840 <mss 1460,sackOK,timestamp 2539635
0,nop,wscale 0> (DF)
18:12:42.381487 192.168.0.43 > 192.168.0.41: icmp: echo reply
18:12:42.381487 192.168.0.43.http > 192.168.0.41.4063: S
226807305:226807305(0) ack 72519702 win 5792 <mss 1460,sackOK,timestamp
9775881 2539635,nop,wscale 0> (DF)
18:12:42.381487 192.168.0.41.4063 > 192.168.0.43.http: . ack 1 win 5840
<nop,nop,timestamp 2539635 9775881> (DF)
18:12:42.381487 192.168.0.41.4063 > 192.168.0.43.http: P 1:19(18) ack 1 win
5840 <nop,nop,timestamp 2539635 9775881> (DF)
18:12:42.381487 192.168.0.43.http > 192.168.0.41.4063: . ack 19 win 5792
<nop,nop,timestamp 9775881 2539635> (DF)
18:12:42.381487 192.168.0.43.http > 192.168.0.41.4063: P 1:409(408) ack 19
win 5792 <nop,nop,timestamp 9775881 2539635> (DF)
18:12:42.381487 192.168.0.41.4063 > 192.168.0.43.http: . ack 409 win 6432
<nop,nop,timestamp 2539635 9775881> (DF)
18:12:42.381487 192.168.0.41.4063 > 192.168.0.43.http: R 19:19(0) ack 409
win 6432 <nop,nop,timestamp 2539635 9775881> (DF)
18:12:42.381487 192.168.0.43.http > 192.168.0.41.4063: F 409:409(0) ack 19
win 5792 <nop,nop,timestamp 9775881 2539635> (DF)
18:12:42.381487 192.168.0.41.4063 > 192.168.0.43.http: R
72519720:72519720(0) win 0 (DF)
18:12:42.551487 192.168.0.43.http > <client>.2840: S 215676260:215676260(0)
ack 1549076286 win 5840 <mss 1460,nop,nop,sackOK> (DF)
18:12:45.551487 192.168.0.43.http > <client>.2838: S 194554419:194554419(0)
ack 1545021198 win 5840 <mss 1460,nop,nop,sackOK> (DF)
18:12:47.891487 <client>.2840 > 192.168.0.43.http: S
1549076285:1549076285(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
18:12:47.891487 192.168.0.43.http > <client>.2840: S 215676260:215676260(0)
ack 1549076286 win 5840 <mss 1460,nop,nop,sackOK> (DF)
18:12:48.381487 192.168.0.41 > 192.168.0.43: icmp: echo request (DF)
18:12:48.381487 192.168.0.41.4064 > 192.168.0.43.http: S
68724961:68724961(0) win 5840 <mss 1460,sackOK,timestamp 2540235
0,nop,wscale 0> (DF)
18:12:48.381487 192.168.0.43 > 192.168.0.41: icmp: echo reply
18:12:48.381487 192.168.0.43.http > 192.168.0.41.4064: S
233009288:233009288(0) ack 68724962 win 5792 <mss 1460,sackOK,timestamp
9776481 2540235,nop,wscale 0> (DF)
18:12:48.381487 192.168.0.41.4064 > 192.168.0.43.http: . ack 1 win 5840
<nop,nop,timestamp 2540235 9776481> (DF)
18:12:48.381487 192.168.0.41.4064 > 192.168.0.43.http: P 1:19(18) ack 1 win
5840 <nop,nop,timestamp 2540235 9776481> (DF)
18:12:48.381487 192.168.0.43.http > 192.168.0.41.4064: . ack 19 win 5792
<nop,nop,timestamp 9776481 2540235> (DF)
18:12:48.381487 192.168.0.43.http > 192.168.0.41.4064: P 1:409(408) ack 19
win 5792 <nop,nop,timestamp 9776481 2540235> (DF)
18:12:48.381487 192.168.0.41.4064 > 192.168.0.43.http: . ack 409 win 6432
<nop,nop,timestamp 2540235 9776481> (DF)
18:12:48.381487 192.168.0.41.4064 > 192.168.0.43.http: R 19:19(0) ack 409
win 6432 <nop,nop,timestamp 2540235 9776481> (DF)
18:12:48.381487 192.168.0.43.http > 192.168.0.41.4064: F 409:409(0) ack 19
win 5792 <nop,nop,timestamp 9776481 2540235> (DF)
18:12:48.381487 192.168.0.41.4064 > 192.168.0.43.http: R
68724980:68724980(0) win 0 (DF)
18:12:48.381487 192.168.0.41.1023 > 192.168.0.43.shell: S
71628164:71628164(0) win 5840 <mss 1460,sackOK,timestamp 2540235
0,nop,wscale 0> (DF)
18:12:48.381487 192.168.0.43.shell > 192.168.0.41.1023: R 0:0(0) ack
71628165 win 0 (DF)
18:12:48.551487 192.168.0.43.http > <client>.2840: S 215676260:215676260(0)
ack 1549076286 win 5840 <mss 1460,nop,nop,sackOK> (DF)
18:12:49.401487 192.168.0.41.1023 > 192.168.0.43.shell: S
72638674:72638674(0) win 5840 <mss 1460,sackOK,timestamp 2540337
0,nop,wscale 0> (DF)
18:12:49.401487 192.168.0.43.shell > 192.168.0.41.1023: R 0:0(0) ack 1010511
win 0 (DF)
18:12:51.411487 192.168.0.41.1023 > 192.168.0.43.shell: S
74648673:74648673(0) win 5840 <mss 1460,sackOK,timestamp 2540538
0,nop,wscale 0> (DF)
18:12:51.411487 192.168.0.43.shell > 192.168.0.41.1023: R 0:0(0) ack 3020510
win 0 (DF)
18:12:55.421487 192.168.0.41.1023 > 192.168.0.43.shell: S
78658679:78658679(0) win 5840 <mss 1460,sackOK,timestamp 2540939
0,nop,wscale 0> (DF)
18:12:55.421487 192.168.0.43.shell > 192.168.0.41.1023: R 0:0(0) ack 7030516
win 0 (DF)
18:13:00.551487 192.168.0.43.http > <client>.2840: S 215676260:215676260(0)
ack 1549076286 win 5840 <mss 1460,nop,nop,sackOK> (DF)
53 packets received by filter
0 packets dropped by kernel
I've replaced the fully qualified machine name of the client with <client>
for the sake of clarity and security. I'm afraid this is all Greek to me.
Mike
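
An added example, not part of the original message: a small Python reader for the tcpdump text above that lists connections where the server keeps resending its SYN-ACK and the client never completes the handshake. That is what the capture shows for the client, while the fetches from 192.168.0.41 complete normally. The function name, the threshold and the rejoined sample lines are assumptions of this example.

```python
import re
from collections import defaultdict

# One TCP packet per line in the old tcpdump text format used in this post:
#   time src.port > dst.port: FLAGS [seq] [ack N] win N <options>
LINE = re.compile(r"^\S+ (?P<src>\S+)\.(?P<sport>\w+) > (?P<dst>\S+)\.(?P<dport>\w+): "
                  r"(?P<flags>[SFPR.]+) (?P<rest>.*)$")
ACK = re.compile(r"\back\b")  # whole-word match, so the "sackOK" option does not count

# Constructed sample: lines copied from the Machine 2 capture, with the
# e-mail line wrapping undone so that each packet sits on one line.
SAMPLE = """\
17:05:12.958440 10.122.16.48.2834 > 192.168.0.43.http: S 1517013414:1517013414(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:05:12.958440 192.168.0.43.http > 10.122.16.48.2834: S 81723191:81723191(0) ack 1517013415 win 5840 <mss 1460,nop,nop,sackOK> (DF)
17:05:14.618440 192.168.0.43.http > 10.122.16.48.2834: S 81723191:81723191(0) ack 1517013415 win 5840 <mss 1460,nop,nop,sackOK> (DF)
17:05:18.968440 10.122.16.48.2834 > 192.168.0.43.http: S 1517013414:1517013414(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:05:36.708440 192.168.0.41 > 192.168.0.43: icmp: echo request (DF)
17:05:36.708440 192.168.0.41.4049 > 192.168.0.43.http: S 4255791755:4255791755(0) win 5840 <mss 1460,sackOK,timestamp 2529223 0,nop,wscale 0> (DF)
17:05:36.708440 192.168.0.43.http > 192.168.0.41.4049: S 114781870:114781870(0) ack 4255791756 win 5792 <mss 1460,sackOK,timestamp 9765468 2529223,nop,wscale 0> (DF)
17:05:36.708440 192.168.0.41.4049 > 192.168.0.43.http: . ack 1 win 5840 <nop,nop,timestamp 2529223 9765468> (DF)
"""


def stalled_handshakes(lines, min_synacks=2):
    """Return flows keyed (client, cport, server, sport) whose SYN-ACK was seen
    at least min_synacks times with no follow-up segment from the client."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "done": False})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ICMP, summary lines, anything that is not a TCP packet
        src, dst = (m["src"], m["sport"]), (m["dst"], m["dport"])
        if "S" in m["flags"] and not ACK.search(m["rest"]):
            flows[src + dst]["syn"] += 1       # SYN from the connecting side
        elif "S" in m["flags"]:
            flows[dst + src]["synack"] += 1    # SYN-ACK, keyed by the client side
        elif "R" not in m["flags"] and src + dst in flows:
            flows[src + dst]["done"] = True    # client sent a segment after the SYN
    return {k: v for k, v in flows.items()
            if not v["done"] and v["synack"] >= min_synacks}


if __name__ == "__main__":
    for (client, cport, server, sport), c in stalled_handshakes(SAMPLE.splitlines()).items():
        print(f"{client}:{cport} -> {server}:{sport} "
              f"SYN x{c['syn']}, SYN-ACK x{c['synack']}, handshake never completed")
```

Wrapped lines have to be rejoined before parsing, because a continuation line on its own does not match the packet pattern and is skipped.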