On Thu 08 Dec 2005 13:38:58 GMT, Joseph Mack NA3T <jmack@xxxxxxxx> wrote:
> Mark de Vries isn't having this problem. He's using a 2.6
> kernel though (I think)
...neither am I, and I'm using 2.6 too.
However I think one fundamentally different thing between this setup
and mine (and Mark's, and many others out here in the wild) is that
Rob's system has NAT (port forwarding, inbound NAT, DNAT, call it what
you will) in front of his director.
The director itself does *not* have a public IP, and if I have read
Rob's emails properly then the public IP which is on the external side
of his router is not on the director at all. It's like this (using
Rob's amended description):
Router: 198.x.x.x (public interface)
Router: ?.?.?.? (DMZ interface)
DIPdmz: 172.16.123.24 (director DMZ interface)
VIP: 172.16.123.25 (director DMZ interface)
DIPlan: 10.0.0.252 (director LAN interface)
RIP: 10.0.0.95 (realserver LAN interface)
Reading between the lines, Rob is using LVS-NAT on the director but
that hasn't been stated clearly.
It looks to me like that additional NAT step is the problem - if the
director has no knowledge of the *real* VIP, how can it predictably
handle the PORT command for either active or passive mode? Also, is the
router itself doing something fancy or is it just doing straight port
forwarding? Looks to me like the mix of the two systems is causing your
problems here.
Graeme
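
An added illustration of the double-NAT concern raised in the message above (not part of the original thread, and not Rob's actual configuration): it models how the address carried inside an FTP 227 passive-mode reply changes, or fails to change, at each NAT hop. Assumptions: the director rewrites RIP to VIP in the payload, 198.51.100.10 is a documentation-range stand-in for the elided 198.x.x.x, and port 50000 is a constructed value.

```python
import ipaddress
import re

# Private addresses are the ones quoted in the message; PUBLIC is a
# documentation-range placeholder for the elided 198.x.x.x (assumption).
RIP, VIP, PUBLIC = "10.0.0.95", "172.16.123.25", "198.51.100.10"
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_227(line):
    """Return (ip, port) advertised in an FTP 227 passive-mode reply."""
    m = PASV_RE.match(line)
    if not m:
        raise ValueError("not a 227 reply: %r" % line)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range: %r" % line)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def build_227(ip, port):
    return "227 Entering Passive Mode (%s,%d,%d)" % (
        ip.replace(".", ","), port >> 8, port & 0xFF)


def nat_hop(line, inside, outside, ftp_helper):
    """Model one NAT device. Plain port forwarding rewrites packet headers
    only; the address in the FTP payload changes only with an FTP helper."""
    ip, port = parse_227(line)
    if ftp_helper and ip == inside:
        return build_227(outside, port)
    return line


def client_view(router_has_helper):
    """Return (ip, port, is_rfc1918) as seen by a client on the Internet."""
    line = build_227(RIP, 50000)                     # realserver's reply
    line = nat_hop(line, RIP, VIP, ftp_helper=True)  # director (assumed)
    line = nat_hop(line, VIP, PUBLIC, ftp_helper=router_has_helper)
    ip, port = parse_227(line)
    private = any(ipaddress.ip_address(ip) in net for net in RFC1918)
    return ip, port, private


if __name__ == "__main__":
    for helper in (False, True):
        print("router FTP helper=%s -> client told to connect to %s:%d "
              "(RFC 1918: %s)" % ((helper,) + client_view(helper)))
```

An RFC 1918 address in the 227 reply that reaches an outside client is the symptom to look for in a capture of the control channel.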