> On Thu, 23 Jun 2005, Bikrant Neupane wrote:
>
> > Director, real server and client are all on same subnet. Cisco router is the
> > gateway of all the hosts.
> >
> > Director setup:
> > ipvsadm -A -f 2 -s sh
> > ipvsadm -a -f 2 -r 202.79.45.241:80
> >
> > iptables -t mangle -I PREROUTING -p tcp --dport 80 -j MARK --set-mark 2
> > iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT
> >
> > I have turned off ip_forward and Masquerade from iptables at all.
> >
> > Tcpdump in director:
> > 202.79.45.235.1993 > 64.236.16.116.80: S 1880932316:1880932316(0) win 64240 <mss 1460,nop,nop,sackOK>
> > 202.79.45.235.1993 > 202.79.45.240.80: S 1880932316:1880932316(0) win 64240 <mss 1460,nop,nop,sackOK>
> >
> > The second packet suggests that the director is changing destination IP from
> > 64.236.16.116 to 202.79.45.240 (IP of the director itself)
>
> that's because of the -j REDIRECT rule. You don't want this (see the
> HOWTO). Just leave that rule out.

I have now removed the -j REDIRECT rule. But now the Director is not forwarding
the packet at all!
However I can see the packet (syn) redirected by cisco to director hitting
the mangle rule.

With ip_forward = 0
tcpdump in director:
202.79.45.235.2151 > 212.58.240.120.80: S 2729683022:2729683022(0) win 64240 <mss 1460,nop,nop,sackOK>
202.79.45.235.2151 > 212.58.240.120.80: S 2729683022:2729683022(0) win 64240 <mss 1460,nop,nop,sackOK>
202.79.45.235.2151 > 212.58.240.120.80: S 2729683022:2729683022(0) win 64240 <mss 1460,nop,nop,sackOK>

With ip_forward = 1 I observed hundreds of syn packets!!
By looking at the src and dst mac address I found that the packet was
looping between the cisco router and the director.

00:80:48:31:86:db --> Director Interface
00:50:3e:f4:6d:e0 --> Cisco Router Interface

22:16:56.653006 00:50:3e:f4:6d:e0 > 00:80:48:31:86:db, ethertype IPv4 (0x0800), length 62: IP 202.79.45.235.2155 > 216.239.57.107.80: S 2858487429:2858487429(0) win 64240 <mss 1460,nop,nop,sackOK>
22:16:56.653015 00:80:48:31:86:db > 00:50:3e:f4:6d:e0, ethertype IPv4 (0x0800), length 62: IP 202.79.45.235.2155 > 216.239.57.107.80: S 2858487429:2858487429(0) win 64240 <mss 1460,nop,nop,sackOK>

How is this possible?? Instead of forwarding the packet to the Real Server
(202.79.45.241) the Director forwarded the packet to the Router. Since the
source address is that of the client the router re-forwarded the packet to the
Director and hence the loop.

regards,
Bikrant
>
> Joe
> --
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
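
The MAC-address comparison used in the message above, written out as an added example (not part of the original thread or of any LVS tool): it reads unwrapped `tcpdump -e -n` lines and reports TCP segments that were seen travelling in both directions between the same two MAC addresses. The function name, the regular expression and the last two sample lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# One unwrapped `tcpdump -e -n` line: timestamp, src MAC > dst MAC, IP/TCP summary.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}),"
    r".*?IP (?P<src>\S+) > (?P<dst>[\d.]+): \S+ (?P<seq>\d+):\d+"
)

# Constructed capture. The first two lines repeat the looping SYN from the
# message; the last two are a made-up plain retransmission (one direction only).
SAMPLE = """\
22:16:56.653006 00:50:3e:f4:6d:e0 > 00:80:48:31:86:db, ethertype IPv4 (0x0800), length 62: IP 202.79.45.235.2155 > 216.239.57.107.80: S 2858487429:2858487429(0) win 64240 <mss 1460,nop,nop,sackOK>
22:16:56.653015 00:80:48:31:86:db > 00:50:3e:f4:6d:e0, ethertype IPv4 (0x0800), length 62: IP 202.79.45.235.2155 > 216.239.57.107.80: S 2858487429:2858487429(0) win 64240 <mss 1460,nop,nop,sackOK>
22:17:01.100000 00:50:3e:f4:6d:e0 > 00:80:48:31:86:db, ethertype IPv4 (0x0800), length 62: IP 202.79.45.235.2151 > 212.58.240.120.80: S 2729683022:2729683022(0) win 64240 <mss 1460,nop,nop,sackOK>
22:17:04.100000 00:50:3e:f4:6d:e0 > 00:80:48:31:86:db, ethertype IPv4 (0x0800), length 62: IP 202.79.45.235.2151 > 212.58.240.120.80: S 2729683022:2729683022(0) win 64240 <mss 1460,nop,nop,sackOK>
"""


def find_loops(capture):
    """Map (src, dst, seq) -> hops for segments seen in both directions
    between the same pair of MAC addresses, i.e. bounced straight back."""
    seen = defaultdict(list)
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            key = (m["src"], m["dst"], m["seq"])
            seen[key].append((m["ts"], m["smac"], m["dmac"]))
    loops = {}
    for key, hops in seen.items():
        pairs = {(s, d) for _, s, d in hops}
        # A retransmission repeats the same MAC pair; a loop shows it reversed.
        if any(s != d and (d, s) in pairs for s, d in pairs):
            loops[key] = hops
    return loops


if __name__ == "__main__":
    for (src, dst, seq), hops in find_loops(SAMPLE).items():
        print(f"loop: {src} > {dst} seq {seq}, seen {len(hops)} times")
        for ts, smac, dmac in hops:
            print(f"  {ts}  {smac} > {dmac}")
```

Only the first segment is reported; the repeated SYN that always arrives from the same MAC is treated as an ordinary retransmission.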