
Re: Unable to forward packets

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Unable to forward packets
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Wed, 22 Feb 2006 08:09:51 -0800 (PST)
On Wed, 22 Feb 2006, Bill Omer wrote:

Interesting. Do I *have* to use a different ethernet device though? Could I just use my eth0?

you just use the same NIC and give it another IP with iproute tools.

I don't know why people run this last route command. They
say that it makes their machines work. I've never needed it.

Was in the docs ...

thought I'd add my 2c.

so you can't get there. Any firewall rules?

Nope, none.

OK, just making sure.

Well, from the third machine, I'm able to ping and telnet to the RS

When you go online make sure no packets can get to the RS from the client (packets can go from the RS to the client).

Since you brought up the subject of netmasks (in what I assume was a mailing that was sent before its time), I notice you have x.x.252.0 netmask on your rs and x.x.254 on your director and that they're in different networks. Can the DIP talk to the RIP?

as well as the director (with no ipvsadm rules and telnet enabled in xinetd on the director of course).

turn off telnet on the director. It will confuse the issue.

I'm a firm believer that a good night's sleep will help you see the
problem in a new light.  So here I am   :)

coffee is good in the morning too.

Notice I'm not using the vip, but the director's actual ip (for
testing purposes ... a vip will have to be used later).

you only need one IP (the VIP) on the outside of the machine if you only have 1 director. You need two IPs only if you're going to failover directors and you want to talk to the outside of the backup director.

So packets now are being forwarded (yay!) but aren't coming back to the client.

logbash-2.03# ipvsadm
IP Virtual Server version 1.0.8 (size=65536)
Prot LocalAddress:Port Scheduler Flags
 -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  cvg1-lvs-101.amazon.com:teln wlc
 -> cvg1-app-101.amazon.com:telnet Route   1      0          1

look up what to do for InActConn but no ActiveConn in the mini-HOWTO - your routing is wrong.

Maybe some iptables trickery is in order?

iptables is not used to set up an LVS. It's only used for weird services that get confused running on multiple machines.

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml Homepage http://www.austintek.com/ It's GNU/Linux!
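
The symptom pointed out in the message above (InActConn counting up while ActiveConn stays at 0) can be checked mechanically from an ipvsadm listing. This is an added example, not part of the original message or of the LVS project's code; the function names parse and stalled are hypothetical, and the sample listing is the one pasted in the message.

```python
import re

# ipvsadm listing copied from the message above (names as ipvsadm printed them).
SAMPLE = """\
IP Virtual Server version 1.0.8 (size=65536)
Prot LocalAddress:Port Scheduler Flags
 -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  cvg1-lvs-101.amazon.com:teln wlc
 -> cvg1-app-101.amazon.com:telnet Route   1      0          1
"""

# A virtual-service line starts with the protocol; a real-server line starts with "->".
VIRTUAL = re.compile(r"^(TCP|UDP|FWM)\s+(\S+)\s+(\S+)")
REAL = re.compile(r"^\s*->\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")


def parse(listing):
    """Return one dict per real-server row, tagged with its virtual service."""
    rows, service = [], None
    for line in listing.splitlines():
        m = VIRTUAL.match(line)
        if m:
            service = m.group(2)
            continue
        m = REAL.match(line)
        # The "-> RemoteAddress:Port ..." header fails the numeric columns, so it is skipped.
        if m and service:
            rows.append({"service": service, "real": m.group(1),
                         "forward": m.group(2), "weight": int(m.group(3)),
                         "active": int(m.group(4)), "inactive": int(m.group(5))})
    return rows


def stalled(rows):
    """Rows with the symptom from the message: InActConn > 0 while ActiveConn == 0."""
    return [r for r in rows if r["active"] == 0 and r["inactive"] > 0]


if __name__ == "__main__":
    for r in stalled(parse(SAMPLE)):
        print(f'{r["service"]} -> {r["real"]} ({r["forward"]}): '
              f'{r["inactive"]} inactive, 0 active; check the routing')
```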
