Joseph Mack PhD, High Performance Computing & Scientific Visualisation
LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.john@xxxxxxx
lvs-users-bounces+mack.joseph=epamail.epa.gov@xxxxxxxxxxxxxxxxxxxxxx
wrote on 03/10/2005 10:12:39 AM:
>
>
> Hi All,
>
> I am running LVS-NAT on ipvs 1.2.0, kernel-2.6.9-5.0.3.EL.
Not a standard Linux kernel. It's been market enhanced and we
don't know what they've done to LVS. If the problem
persists, you should try a regular kernel as a control.
> The CIP is 172.x.x.z/25 and if I add a route to 10.1.1.0/24 through the VIP, I
> can ping and traceroute the RIPs.
OK for testing, but not a good idea from the security point
of view.
> The problem is that the real servers receive the following message while trying
> to send packets through 10.1.1.1 (the DIP, their default gateway):
>
> 10.1.1.2.smtp > 172.x.x.z.42037 (CIP): S .... ack ... <mss 1460, sackOK,...
I assume this is the reply packet to a connection from the CIP?
> 10.1.1.1 > 10.1.1.2: icmp 68: host 172.x.x.z unreachable - admin prohibited
Do you have any iptables rules anywhere?
Joe