Hi
I’ve 2 LVS’s in failover mode doing load balancing of some web and email
servers using NAT.
The LVS’s are working fine and load balancing web sites and mail servers and
are serving requests that come in.
However, from the backend web servers some services aren’t working.
For instance we have a web site that updates details from some Cisco
routers; for this our scripts use RSH.
If you use RSH from a web server behind the LVS’s you get back:
####
poll: protocol failure in circuit setup
####
But doing it from the LVS it works fine.
The Cisco is set up correctly to allow RSH from the IP range the LVS’s are on
which is proven by the fact the LVS’s can use RSH and get info back.
Other outbound traffic seems to work fine from the web servers.
I can use the wget command, browse web sites using the links command and ftp
from the web servers works fine.
Not sure why RSH is failing though.
Here is a tcpdump from the web server of an RSH command:
###
10:09:50.730977 IP 192.168.1.8.54046 > 10.0.0.252.kshell: S
99974353:99974353(0) win 5840 <mss 1460,sackOK,timestamp 2500066416
0,nop,wscale 2>
10:09:50.739609 IP 10.0.0.252.kshell > 192.168.1.8.54046: R 0:0(0) ack
99974354 win 0
10:09:50.740456 IP 192.168.1.8.54047 > 10.0.0.252.kshell: S
92894501:92894501(0) win 5840 <mss 1460,sackOK,timestamp 2500066425
0,nop,wscale 2>
10:09:50.754592 IP 10.0.0.252.kshell > 192.168.1.8.54047: R 0:0(0) ack
92894502 win 0
10:09:50.757386 IP 192.168.1.8.1023 > 10.0.0.252.shell: S
93544532:93544532(0) win 5840 <mss 1460,sackOK,timestamp 2500066442
0,nop,wscale 2>
10:09:53.756475 IP 192.168.1.8.1023 > 10.0.0.252.shell: S
93544532:93544532(0) win 5840 <mss 1460,sackOK,timestamp 2500069442
0,nop,wscale 2>
10:09:53.771247 IP 10.0.0.252.shell > 192.168.1.8.1023: S
2629573293:2629573293(0) ack 93544533 win 4128 <mss 1460>
10:09:53.771277 IP 192.168.1.8.1023 > 10.0.0.252.shell: . ack 1 win 5840
10:09:53.771449 IP 192.168.1.8.1023 > 10.0.0.252.shell: P 1:6(5) ack 1 win
5840
10:09:53.800469 IP 10.0.0.252.shell > 192.168.1.8.1023: FP 1:1(0) ack 6 win
4123
10:09:53.800583 IP 192.168.1.8.1023 > 10.0.0.252.shell: F 6:6(0) ack 2 win
5840
10:09:53.815297 IP 10.0.0.252.shell > 192.168.1.8.1023: . ack 7 win 4123
####
Here is a tcpdump output from the LVS whilst running the same RSH command
from the web server:
####
10:11:27.068439 IP 10.0.0.252.shell > 192.168.1.8.1023: S
3198090852:3198090852(0) ack 175661528 win 4128 <mss 1460>
10:11:27.068565 IP 192.168.1.8.1023 > 10.0.0.252.shell: . ack 1 win 5840
10:11:27.068639 IP 192.168.1.8.1023 > 10.0.0.252.shell: P 1:6(5) ack 1 win
5840
10:11:27.083048 IP 10.0.0.252.1023 > 192.168.1.8.1022: S
140141776:140141776(0) win 4128 <mss 1460>
10:11:27.083085 IP 192.168.1.8.1022 > 10.0.0.252.1023: R 0:0(0) ack
140141777 win 0
10:11:27.097656 IP 10.0.0.252.shell > 192.168.1.8.1023: FP 1:1(0) ack 6 win
4123
10:11:27.097760 IP 192.168.1.8.1023 > 10.0.0.252.shell: . ack 2 win 5840
10:11:27.097971 IP 192.168.1.8.1023 > 10.0.0.252.shell: F 6:6(0) ack 2 win
5840
10:11:27.112276 IP 10.0.0.252.shell > 192.168.1.8.1023: . ack 7 win 4123
####
A successful RSH to the Cisco from the LVS:
####
10:14:16.396616 IP 10.0.0.252.shell > 10.0.0.22.1023: S
4160581423:4160581423(0) ack 3853754187 win 4128 <mss 1460>
10:14:16.396649 IP 10.0.0.22.1023 > 10.0.0.252.shell: . ack 1 win 5840
10:14:16.396775 IP 10.0.0.22.1023 > 10.0.0.252.shell: P 1:6(5) ack 1 win
5840
10:14:16.411228 IP 10.0.0.252.1022 > 10.0.0.22.1022: S
2818345079:2818345079(0) win 4128 <mss 1460>
10:14:16.411265 IP 10.0.0.22.1022 > 10.0.0.252.1022: S
3845946661:3845946661(0) ack 2818345080 win 5840 <mss 1460>
10:14:16.425843 IP 10.0.0.252.1022 > 10.0.0.22.1022: . ack 1 win 4128
10:14:16.598748 IP 10.0.0.252.shell > 10.0.0.22.1023: . ack 6 win 4123
10:14:16.598808 IP 10.0.0.22.1023 > 10.0.0.252.shell: P 6:31(25) ack 1 win
5840
10:14:16.613320 IP 10.0.0.252.shell > 10.0.0.22.1023: P 1:2(1) ack 31 win
4098
10:14:16.613367 IP 10.0.0.22.1023 > 10.0.0.252.shell: . ack 2 win 5840
10:14:16.613386 IP 10.0.0.252.shell > 10.0.0.22.1023: P 2:351(349) ack 31
win 4128
10:14:16.613400 IP 10.0.0.22.1023 > 10.0.0.252.shell: . ack 351 win 6432
10:14:16.613404 IP 10.0.0.252.1022 > 10.0.0.22.1022: FP 1:1(0) ack 1 win
4128
10:14:16.613414 IP 10.0.0.252.shell > 10.0.0.22.1023: P 351:352(1) ack 31
win 4128
10:14:16.613426 IP 10.0.0.22.1023 > 10.0.0.252.shell: . ack 352 win 6432
10:14:16.613841 IP 10.0.0.22.1022 > 10.0.0.252.1022: . ack 2 win 5840
10:14:16.717190 IP 10.0.0.252.shell > 10.0.0.22.1023: FP 352:352(0) ack 31
win 4128
10:14:16.717468 IP 10.0.0.22.1022 > 10.0.0.252.1022: F 1:1(0) ack 2 win 5840
10:14:16.717718 IP 10.0.0.22.1023 > 10.0.0.252.shell: F 31:31(0) ack 353 win
6432
10:14:16.732120 IP 10.0.0.252.1022 > 10.0.0.22.1022: . ack 2 win 4128
10:14:16.732162 IP 10.0.0.252.shell > 10.0.0.22.1023: . ack 32 win 4128
####
Not sure where the problem is. We do have a firewall in front of the LVS’s
but since RSH works from the LVS I doubt the firewall is to blame.
Anyone got any ideas?
Thanks
Tony
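
Added example, not part of the original post: rsh has the server open a second TCP connection back to the client for stderr, and in the capture taken on the LVS that dial-back (10.0.0.252.1023 > 192.168.1.8.1022) is answered with a reset. The sketch below finds such refused dial-backs in old-style tcpdump text; the function and variable names are made up for this example, and the sample packets are lines from the captures above, unwrapped.

```python
import re

# Old-style tcpdump text: "<time> IP <src>.<port> > <dst>.<port>: <flags> <rest>"
LINE = re.compile(r"^\S+ IP (\d+(?:\.\d+){3})\.([\w-]+) > "
                  r"(\d+(?:\.\d+){3})\.([\w-]+): ([SFPRW.]+) ?(.*)$")

def refused_callbacks(lines):
    """Return (server, sport, client, cport) for every dial-back SYN that was reset.

    A dial-back is a bare SYN sent by a host that has already answered the
    same peer with a SYN-ACK, which is how rshd opens the stderr channel.
    """
    servers, pending, refused = set(), set(), []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        src, sport, dst, dport, flags, rest = m.groups()
        has_ack = re.search(r"\back\b", rest) is not None
        reverse = (dst, dport, src, sport)       # same flow, opposite direction
        if "S" in flags and has_ack:             # SYN-ACK: src is a server for dst
            servers.add((src, dst))
            pending.discard(reverse)             # a dial-back was accepted
        elif "S" in flags and (src, dst) in servers:
            pending.add((src, sport, dst, dport))
        elif "R" in flags and reverse in pending:
            pending.discard(reverse)
            refused.append(reverse)
    return refused

# Packets from the two LVS-side captures in the post, unwrapped to one line each.
VIA_NAT = [
    "10:11:27.068439 IP 10.0.0.252.shell > 192.168.1.8.1023: S 3198090852:3198090852(0) ack 175661528 win 4128 <mss 1460>",
    "10:11:27.068639 IP 192.168.1.8.1023 > 10.0.0.252.shell: P 1:6(5) ack 1 win 5840",
    "10:11:27.083048 IP 10.0.0.252.1023 > 192.168.1.8.1022: S 140141776:140141776(0) win 4128 <mss 1460>",
    "10:11:27.083085 IP 192.168.1.8.1022 > 10.0.0.252.1023: R 0:0(0) ack 140141777 win 0",
]
FROM_LVS = [
    "10:14:16.396616 IP 10.0.0.252.shell > 10.0.0.22.1023: S 4160581423:4160581423(0) ack 3853754187 win 4128 <mss 1460>",
    "10:14:16.411228 IP 10.0.0.252.1022 > 10.0.0.22.1022: S 2818345079:2818345079(0) win 4128 <mss 1460>",
    "10:14:16.411265 IP 10.0.0.22.1022 > 10.0.0.252.1022: S 3845946661:3845946661(0) ack 2818345080 win 5840 <mss 1460>",
]

if __name__ == "__main__":
    print("via NAT :", refused_callbacks(VIA_NAT))
    print("from LVS:", refused_callbacks(FROM_LVS))
```

The 5-byte push that precedes the dial-back in each capture is consistent with the client sending its stderr port as four ASCII digits plus a NUL.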