LVS-NAT - icmp 68: host unreachable - admin prohibited

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: LVS-NAT - icmp 68: host unreachable - admin prohibited
From: Andrew Lord <alphastar@xxxxxxxxxxxxxx>
Date: Thu, 10 Mar 2005 11:12:39 -0400

Hi All,

I am running LVS-NAT on ipvs 1.2.0, kernel-2.6.9-5.0.3.EL.  There are 2 machines
on the 10.1.1.0/24 network and the virtual interface is on the director that has
eth0:172.x.x.y/25 as its VIP and eth1:10.1.1.1 as its DIP (two physical 
interfaces).
The CIP is 172.x.x.z/25 and if I add a route to 10.1.1.0/24 through the VIP, I
can ping and traceroute the RIPs.  The real servers are on a private network not
connected to the 172.x.x.x network.

The problem is that the real servers receive the following message while trying
to send packets through 10.1.1.1 (the DIP, their default gateway):

10.1.1.2.smtp > 172.x.x.z.42037 (CIP): S .... ack ... <mss 1460, sackOK,...
10.1.1.1 > 10.1.1.2: icmp 68: host 172.x.x.z unreachable - admin prohibited


My director configuration:

ifconfig eth0 172.x.x.y netmask 255.255.255.128 broadcast 172.x.x.255 arp up
ifconfig eth1 10.1.1.1 netmask 255.255.255.0 broadcast 10.1.1.255 up

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -d 0.0.0.0/0 -j MASQUERADE
ipvsadm -A -t VIP:25 -s wrr
ipvsadm -a -t VIP:25 -r 10.1.1.2:25 -m -w 1
ipvsadm -a -t VIP:25 -r 10.1.1.3:25 -m -w 1
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects

Any help would be greatly appreciated.

Thanking you in advance,
Andrew.
