Hi list,
I have some problems setting up a router/firewall and an LB on the same Linux
machine.
This is my network topology:

                                                       Real server 1
                                               _______/
INTERNET <----> eth0 ROUTER/LB eth1 <----> MY NETWORK <_______
                                                              \
                                                       Real server 2

My network problem occurs when a real server responds to a SYN with a
SYN/ACK via the router.

1 / SYN sent by an Internet machine to the LB IP
2 / Router/LB receives it (eth0) and sends it to RS1 or RS2 (eth1)
3 / RS1 or RS2 responds to the SYN with a SYN/ACK and sends it to the
    Internet machine through the ROUTER/LB (eth1)
4 / ROUTER/LB receives the packet on its eth1 but doesn't send it to eth0

The only reason I found is that the router/LB also has the IP of the LB, and
for it the response can't be sent by anyone other than itself: a TCP stack /
connection tracking problem of some sort.
I use Debian stable with the IPVS of the 2.6.18 kernel and the ipvsadm
from Debian; IPVS uses round robin and the gatewaying method for
packet forwarding.
Thanks for any help