On Thu, 23 Jun 2005, Bikrant Neupane wrote:
Director, real server and client are all on same subnet. Cisco router is the
gateway of all the hosts.
Director setup:
ipvsadm -A -f 2 -s sh
ipvsadm -a -f 2 -r 202.79.45.241:80
iptables -t mangle -I PREROUTING -p tcp --dport 80 -j MARK --set-mark 2
iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT
I have turned off ip_forward and Masquerade from iptables at all.
Tcpdump in director:
202.79.45.235.1993 > 64.236.16.116.80: S 1880932316:1880932316(0) win 64240
<mss 1460,nop,nop,sackOK>
202.79.45.235.1993 > 202.79.45.240.80: S 1880932316:1880932316(0) win 64240
<mss 1460,nop,nop,sackOK>
The second packet suggests that the director is changing destination IP from
64.236.16.116 to 202.79.45.240 (IP of the director itself).

That's because of the -j REDIRECT rule. You don't want this (see the
HOWTO). Just leave that rule out.
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
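
An added example, not part of the original thread: a check that reads a ruleset in iptables-save format and reports every protocol/port that is marked in mangle PREROUTING (for an fwmark virtual service) and also caught by a nat PREROUTING REDIRECT, the combination discussed above. The function name and both sample rulesets are constructed for illustration; the rule text assumes the usual iptables-save layout.

```shell
#!/bin/sh
# find_redirect_conflicts (hypothetical helper): reads iptables-save text on
# stdin and prints "proto/dport mark=N" for each MARK rule in mangle
# PREROUTING whose proto/dport is also matched by a nat PREROUTING REDIRECT.
find_redirect_conflicts() {
    awk '
    /^\*/ { table = substr($0, 2); next }          # "*mangle", "*nat", ...
    $1 == "-A" && $2 == "PREROUTING" {
        proto = ""; dport = ""; target = ""; mark = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--set-mark" || $i == "--set-xmark") mark = $(i + 1)
        }
        sub(/\/.*/, "", mark)                      # drop "/mask" of --set-xmark
        key = proto "/" dport
        if (table == "mangle" && target == "MARK") {
            if (!(key in marks)) order[++n] = key
            marks[key] = mark
        }
        if (table == "nat" && target == "REDIRECT") redirected[key] = 1
    }
    END {
        for (i = 1; i <= n; i++)
            if (order[i] in redirected)
                print order[i] " mark=" marks[order[i]]
    }'
}

# Constructed sample: the director setup from the thread, as iptables-save text.
SAMPLE_WITH_REDIRECT='*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j MARK --set-mark 0x2
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT
COMMIT'

# Constructed sample: the same setup with the REDIRECT rule left out.
SAMPLE_WITHOUT_REDIRECT='*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j MARK --set-mark 0x2
COMMIT'

printf '%s\n' "$SAMPLE_WITH_REDIRECT" | find_redirect_conflicts
printf '%s\n' "$SAMPLE_WITHOUT_REDIRECT" | find_redirect_conflicts
```

On a live director the same function can be fed from `iptables-save` directly.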