Real & virtual ip address confusion

[John Reuning <john@xxxxxxxxxxx>]

I have an lvs director behaving strangely.  Here's the setup (lvs-nat):

   client                 director           real server
                        real ip:
                         152.2.210.38
                        vip:
152.2.210.124          152.2.210.81       192.168.210.40

And here's the weirdness... The client requests a web page from the vip
(152.2.210.81), gets a response from the vip, then part way through,
gets a response from the real ip of the director (152.2.210.38).  What's
up with that?  Is this normal?

It's really causing problems.  The http requests time out because the
client keeps trying to connect to port 80 on the director's primary ip
address.

I've included some tcpdump output that shows what I'm talking about. 
BTW, the ip addresses are live, so you can check out the response
times.  I got nothin' ta hide. :)  Sometimes the browser requests just
stall.

10:50:19.159436 152.2.241.124.57175 > 152.2.210.81.http: F 2655:2655(0)
ack 1098 win 8576 (DF)
10:50:19.159754 152.2.210.81.http > 152.2.241.124.57174: . ack 11915 win
16380 (DF)
10:50:19.159883 152.2.210.81.http > 152.2.241.124.57175: . ack 2656 win
10880 (DF)
10:50:19.168140 152.2.241.124.57176 > 152.2.210.81.http: S
3694433752:3694433752(0) win 5840 <mss 1460,sackOK,timestamp 42016888
0,nop,wscale 0> (DF)
10:50:19.168766 152.2.210.38.http > 152.2.241.124.57176: S
3635123347:3635123347(0) ack 3694433753 win 5840 <mss 1460,nop,wscale 0>
(DF)
10:50:19.169211 152.2.241.124.57176 > 152.2.210.38.http: R
3694433753:3694433753(0) win 0 (DF)
10:50:22.162947 152.2.241.124.57176 > 152.2.210.81.http: S
3694433752:3694433752(0) win 5840 <mss 1460,sackOK,timestamp 42017188
0,nop,wscale 0> (DF)
10:50:22.163540 152.2.210.38.http > 152.2.241.124.57176: S
3638117609:3638117609(0) ack 3694433753 win 5840 <mss 1460,nop,wscale 0>
(DF)
10:50:22.163865 152.2.241.124.57176 > 192.168.210.40.http: R
3694433753:3694433753(0) win 0 (DF)
10:50:28.166062 152.2.241.124.57176 > 152.2.210.81.http: S
3694433752:3694433752(0) win 5840 <mss 1460,sackOK,timestamp 42017788
0,nop,wscale 0> (DF)
10:50:28.166399 152.2.210.81.http > 152.2.241.124.57176: S
3644119520:3644119520(0) ack 3694433753 win 5840 <mss 1460,nop,wscale 0>
(DF)
10:51:40.464217 152.2.241.124.57178 > 152.2.210.38.http: R
3753272720:3753272720(0) win 0 (DF)

... snip ...

11:17:07.629467 152.2.241.124.57199 > 152.2.210.81.http: S
1081404455:1081404455(0) win 5840 <mss 1460,sackOK,timestamp 42177691
0,nop,wscale 0> (DF)
11:17:07.630351 152.2.210.38.http > 152.2.241.124.57199: S
1037283145:1037283145(0) ack 1081404456 win 5840 <mss 1460,nop,wscale 0>
(DF)
11:17:07.665412 152.2.241.124.57199 > 152.2.210.38.http: R
1081404456:1081404456(0) win 0 (DF)
11:17:10.629284 152.2.241.124.57199 > 152.2.210.81.http: S
1081404455:1081404455(0) win 5840 <mss 1460,sackOK,timestamp 42177991
0,nop,wscale 0> (DF)
11:17:10.630640 152.2.210.38.http > 152.2.241.124.57199: S
1040281537:1040281537(0) ack 1081404456 win 5840 <mss 1460,nop,wscale 0>
(DF)
11:17:10.630987 152.2.241.124.57199 > 152.2.210.38.http: R
1081404456:1081404456(0) win 0 (DF)
11:17:16.634347 152.2.241.124.57199 > 152.2.210.81.http: S
1081404455:1081404455(0) win 5840 <mss 1460,sackOK,timestamp 42178591
0,nop,wscale 0> (DF)
11:17:16.635408 152.2.210.38.http > 152.2.241.124.57199: S
1046282408:1046282408(0) ack 1081404456 win 5840 <mss 1460,nop,wscale 0>
(DF)