I have some problems setting up a router/firewall and an LB on the same Linux
machine.
This is my network topology:
                                                              Real server 1
                                                      _______/
INTERNET <----> eth0 ROUTER/LB eth1 <----> MY NETWORK <_______
                                                              \
                                                              Real server 2
And my network problem is when a real server responds to a SYN with a
SYN/ACK through the router.
1 / SYN sent by an internet machine to the LB IP
2 / Router/LB receives it (eth0) and sends it to RS1 or RS2 (eth1)
3 / RS1 or RS2 responds to the SYN with a SYN/ACK and sends it to the
internet machine through the ROUTER/LB (eth1)
4 / ROUTER/LB receives the packet on its eth1 but doesn't send it to eth0
The only reason I found is that the router/LB also has the IP of the LB, and
for it the response can't be sent by anyone other than itself: a TCP stack /
connection tracking problem of some sort.

If you use the director as default gateway for your RS in LVS-DR mode,
you need to patch your kernel with the shared forward patch, to be found
here:
http://www.ssi.bg/~ja/forward_shared-2.6.17-2.diff
Please report back if that works for you or not.
Best regards and good luck,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
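
To confirm the drop described in step 4 before patching, the director's kernel log can be searched for source-validation rejections whose source address is the VIP. This is an added example, not part of the original thread or of the LVS project; it assumes log_martians is enabled on the director and that the kernel reports the drop as a "martian source", and the helper name, log lines and documentation addresses are constructed.

```python
import ipaddress
import re

# Kernel message for a packet that failed source validation, printed when
# log_martians is enabled: "martian source <dst> from <src>, on dev <if>".
MARTIAN_RE = re.compile(
    r"martian source (?P<dst>\d+\.\d+\.\d+\.\d+) from "
    r"(?P<src>\d+\.\d+\.\d+\.\d+), on dev (?P<dev>\S+)"
)

def find_vip_replies_dropped(log_lines, vip, inside_dev):
    """Return (client, dev) pairs for dropped packets whose source is the VIP.

    A hit means a real server answered from the VIP, routed the reply via the
    director, and the director rejected it because the VIP is also one of its
    own local addresses (hypothetical helper, not an LVS tool).
    """
    vip = ipaddress.ip_address(vip)
    hits = []
    for line in log_lines:
        m = MARTIAN_RE.search(line)
        if not m:
            continue  # e.g. the "ll header:" line that follows each report
        try:
            src = ipaddress.ip_address(m.group("src"))
            dst = ipaddress.ip_address(m.group("dst"))
        except ValueError:
            continue  # digits matched but not a valid IPv4 address
        if src == vip and m.group("dev") == inside_dev:
            hits.append((str(dst), m.group("dev")))
    return hits

# Constructed sample log: 203.0.113.10 plays the VIP, eth1 the inside interface.
SAMPLE_LOG = [
    "Jan 10 12:00:01 director kernel: martian source 198.51.100.7 from 203.0.113.10, on dev eth1",
    "Jan 10 12:00:01 director kernel: ll header: 00:11:22:33:44:55:66:77:88:99:aa:bb:08:00",
    "Jan 10 12:00:02 director kernel: martian source 192.168.1.255 from 192.168.1.14, on dev eth1",
    "Jan 10 12:00:03 director kernel: martian source 198.51.100.9 from 203.0.113.10, on dev eth0",
    "Jan 10 12:00:04 director kernel: martian source 198.51.100.8 from 203.0.113.10, on dev eth1",
]

if __name__ == "__main__":
    for client, dev in find_vip_replies_dropped(SAMPLE_LOG, "203.0.113.10", "eth1"):
        print(f"reply from VIP to {client} dropped on {dev}")
```

Hits on the inside interface with the VIP as source match the symptom in the question; other martian reports (broadcasts, a different interface) are ignored.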