On Sun, Aug 24, 2003 at 04:20:19PM -0400, Marc Tardif wrote:
> linux kernel 2.4.21
> ipvs and ipvsadm installed from ipvs 1.0.10 tarball
>
> I can get ip_vs to redirect incoming packets on port 80 to an internal
> box, but I can't seem to return these packets to the calling host.
> Here's my network setup:
>
> external          gateway            internal
> --------          -------            --------
> 192.168.0.68  ->  192.168.0.2
>                   10.9.201.2     ->  10.9.201.225
>
> The gateway has the following interfaces and filtering configuration
> (command outputs have been shortened):
>
> # ifconfig
> eth0 inet addr:10.9.201.2 Bcast:10.9.201.255 Mask:255.255.255.0
> eth1 inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
> # ipvsadm -L
> TCP 192.168.0.2:http wlc
> -> 10.9.201.225:http Masq 1 0 0
> # ipchains -L
> Chain forward (policy ACCEPT):
> target prot opt source destination
> MASQ all ----l- 10.9.201.0/24 anywhere
>
>
> The internal box has the gateway configured as a default gateway:
>
> # netstat -rn
> Kernel IP routing table
> Destination Gateway Genmask Flags Iface
> 10.9.201.0 0.0.0.0 255.255.255.0 U eth0
> 192.168.0.0 10.9.201.2 255.255.255.0 UG eth0
>
>
> This is the tcpdump on the gateway generated by the external box
> attempting to telnet to port 80 of the gateway:
>
> 15:34:21.737622 192.168.0.68.1071 > 10.9.201.225.http: S
> 855275531:855275531(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
> 15:34:21.737927 10.9.201.225.http > 192.168.0.68.1071: S
> 4039057286:4039057286(0) ack 855275532 win 5840 <mss
> 1460,nop,nop,sackOK> (DF)
> 15:34:24.651755 192.168.0.68.1071 > 10.9.201.225.http: S
> 855275531:855275531(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
> 15:34:24.652003 10.9.201.225.http > 192.168.0.68.1071: S
> 4039057286:4039057286(0) ack 855275532 win 5840 <mss
> 1460,nop,nop,sackOK> (DF)
> 15:34:24.728277 10.9.201.225.http > 192.168.0.68.1071: S
> 4039057286:4039057286(0) ack 855275532 win 5840 <mss
> 1460,nop,nop,sackOK> (DF)
Hi,
I take it that this tcpdump was taken on the internal interface
of the linux director (gateway). If so it looks like the packet
from the real server (external box) is being correctly sent to
the real server (internal box) and that the real server is in
turn replying correctly. It also seems that the Linux Director is
seeing the return packet, though without examining the MAC address
it is hard to confirm that it has been sent to the Linux Director.
I would suspect that the problem is that the Linux Director
is not demasquerading and forwarding the return packets. Can you
confirm that the routing on the Linux Director is correct,
that probably means 10.9.201/24 being routed to the internal
interface and 0/0 or at least 192.168.0/24 being routed to the
external interface.
Running tcpdump on the external interface of the Linux Director
may shed some more light onto this problem.
> Problem is, the external box hangs on the telnet and never seems to get
> a response via the gateway. Maybe the problem is that it's expecting an
> answer from 192.168.0.2 whereas the tcpdump is showing a packet arriving
> from 10.9.201.225. Can someone point me in the right direction? I've
> followed the exact installation instructions on the virtual server website:
> http://www.linuxvirtualserver.org/VS-NAT.html
>
> More explicitly, I've run the following commands:
>
> # echo 1 > /proc/sys/net/ipv4/ip_forward
> # ipchains -l -A forward -j MASQ -s 10.9.201.0/24 -d 0.0.0.0/0
> # ipvsadm -A -t 192.168.0.2:80 -s wlc
> # ipvsadm -a -t 192.168.0.2:80 -r 10.9.201.225:80 -m
--
Horms
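As an added diagnostic example (not code from this thread or from the LVS project), the following Python script applies the reasoning in Horms's reply to tcpdump output. It embeds the internal-interface capture quoted above and two constructed external-interface captures: one showing what a capture would look like if the director forwards the real server's reply without rewriting its source back to the VIP, and one showing a working VS-NAT exchange. The VIP (192.168.0.2) and RIP (10.9.201.225) are the addresses from the thread; the external captures, the packet timestamps in them and the classification labels are assumptions made for the example.

```python
import re
from collections import Counter

# Topology as described in the thread (assumed for this example).
VIP = "192.168.0.2"        # virtual service address on the director's external side
RIPS = {"10.9.201.225"}    # real server(s) on the director's internal side

# Matches the one-line TCP summary format tcpdump printed in the thread.
PKT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\w+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\w+):\s+"
    r"(?P<flags>[SFRP.]+)"
    r"(?:\s+(?P<seq>\d+):\d+\(\d+\))?"
    r"(?P<rest>.*)$"
)

def reassemble(text):
    """Glue tcpdump continuation lines (no leading timestamp) onto their packet line."""
    packets = []
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        if re.match(r"^\d\d:\d\d:\d\d\.\d+\s", line):
            packets.append(line)
        elif packets:
            packets[-1] += " " + line
    return packets

def parse(line):
    m = PKT_RE.match(line)
    if not m:
        raise ValueError("unrecognised tcpdump line: " + line)
    pkt = m.groupdict()
    pkt["ack"] = " ack " in pkt["rest"]
    return pkt

def classify(pkt, iface):
    """Say whether a packet is what VS-NAT should produce on the given director interface."""
    src, dst = pkt["src"], pkt["dst"]
    if iface == "internal":
        # After DNAT the director talks to the RIP, so client<->RIP traffic is expected here.
        return "ok" if (src in RIPS or dst in RIPS) else "unexpected"
    # External interface: clients must only ever see the VIP.
    if dst == VIP:
        return "ok"                      # request to the virtual service
    if src == VIP:
        return "ok"                      # reply rewritten back to the VIP: masquerading works
    if src in RIPS:
        return "untranslated-reply"      # RIP's reply forwarded without demasquerading
    if dst in RIPS:
        return "rip-routed-externally"   # DNATed request left via the wrong interface (routing)
    return "unexpected"

def analyse(text, iface):
    """Return (verdict counts, retransmission counts) for a capture on one interface."""
    pkts = [parse(line) for line in reassemble(text)]
    verdicts = Counter(classify(p, iface) for p in pkts)
    # The same SYN / SYN-ACK repeated with the same sequence number means the
    # sender never got an answer, i.e. the other half of the handshake was lost.
    syns = Counter((p["src"], p["sport"], p["seq"]) for p in pkts if p["flags"] == "S" and not p["ack"])
    synacks = Counter((p["src"], p["sport"], p["seq"]) for p in pkts if p["flags"] == "S" and p["ack"])
    retrans = {
        "client_syn": sum(n - 1 for n in syns.values()),
        "server_synack": sum(n - 1 for n in synacks.values()),
    }
    return verdicts, retrans

# The internal-interface capture quoted in the thread.
INTERNAL_CAPTURE = """
15:34:21.737622 192.168.0.68.1071 > 10.9.201.225.http: S
855275531:855275531(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
15:34:21.737927 10.9.201.225.http > 192.168.0.68.1071: S
4039057286:4039057286(0) ack 855275532 win 5840 <mss
1460,nop,nop,sackOK> (DF)
15:34:24.651755 192.168.0.68.1071 > 10.9.201.225.http: S
855275531:855275531(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
15:34:24.652003 10.9.201.225.http > 192.168.0.68.1071: S
4039057286:4039057286(0) ack 855275532 win 5840 <mss
1460,nop,nop,sackOK> (DF)
15:34:24.728277 10.9.201.225.http > 192.168.0.68.1071: S
4039057286:4039057286(0) ack 855275532 win 5840 <mss
1460,nop,nop,sackOK> (DF)
"""

# Constructed: external interface when the director does NOT rewrite the reply's source.
BROKEN_EXTERNAL = """
15:34:21.737500 192.168.0.68.1071 > 192.168.0.2.http: S 855275531:855275531(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
15:34:21.738100 10.9.201.225.http > 192.168.0.68.1071: S 4039057286:4039057286(0) ack 855275532 win 5840 <mss 1460,nop,nop,sackOK> (DF)
"""

# Constructed: external interface for a working VS-NAT handshake.
WORKING_EXTERNAL = """
15:34:21.737500 192.168.0.68.1071 > 192.168.0.2.http: S 855275531:855275531(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
15:34:21.738100 192.168.0.2.http > 192.168.0.68.1071: S 4039057286:4039057286(0) ack 855275532 win 5840 <mss 1460,nop,nop,sackOK> (DF)
15:34:21.738400 192.168.0.68.1071 > 192.168.0.2.http: . ack 4039057287 win 17520 (DF)
"""

if __name__ == "__main__":
    for name, text, iface in [("internal (thread)", INTERNAL_CAPTURE, "internal"),
                              ("external (broken)", BROKEN_EXTERNAL, "external"),
                              ("external (working)", WORKING_EXTERNAL, "external")]:
        verdicts, retrans = analyse(text, iface)
        print(name, dict(verdicts), retrans)
```

Run against the thread's own capture the script reports every packet as expected for the internal interface, one retransmitted client SYN and two retransmitted SYN-ACKs from the real server, which is consistent with the client never receiving a rewritten reply. The decisive evidence is the external-interface capture Horms asks for: a reply sourced from 10.9.201.225 on eth1 means the director is forwarding without demasquerading, while a DNATed request to 10.9.201.225 appearing on eth1 points at the routing problem he suggests checking.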