Roberto Nibali wrote:
>> I have some problems setting up a router/firewall and an LB on the same Linux
>> machine.
>> This is my network topology:
>>                                                                Real server 1
>>                                                        _______/
>> INTERNET <----> eth0 ROUTER/LB eth1 <----> MY NETWORK <_______
>>                                                               \
>>                                                                Real server 2
>>
>> And my network problem occurs when a real server responds to a SYN with a
>> SYN/ACK through the router.
>> 1 / SYN sent by an internet machine to the LB IP
>> 2 / Router/LB receives it (eth0) and sends it to RS1 or RS2 (eth1)
>> 3 / RS1 or RS2 responds to the SYN with a SYN/ACK and sends it to the
>> internet machine through the ROUTER/LB (eth1)
>> 4 / ROUTER/LB receives the packet on its eth1 but doesn't send it to eth0
>>
>> The only reason I found is that the router/LB also has the IP of the LB and,
>> for it, the response can't be sent by anyone other than itself: a TCP stack
>> / connection tracking problem of some sort.
>
> If you use the director as default gateway for your RS in LVS-DR mode,
> you need to patch your kernel with the shared forward patch, to be found
> here:
>
> http://www.ssi.bg/~ja/forward_shared-2.6.17-2.diff
>
> Please report back if that works for you or not.
Indeed, that works fine on a 2.6.18.
Thanks.
>
> Best regards and good luck,
> Roberto Nibali, ratz
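One way to confirm this diagnosis from the director's kernel log, as an added example that is not part of the thread: with `net.ipv4.conf.*.log_martians` enabled, an unpatched director logs the dropped real-server replies as "martian source", because their source address (the VIP) is local to the director. The log lines, addresses and function name below are constructed for illustration.

```python
import re
from ipaddress import ip_address

# Kernel message format: "martian source <daddr> from <saddr>, on dev <iface>"
MARTIAN_RE = re.compile(
    r"martian source (?P<dst>\d+\.\d+\.\d+\.\d+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+), on dev (?P<dev>\S+)"
)


def find_vip_replies_dropped(log_lines, director_local_ips, inside_iface):
    """Return (src, dst, dev) for martian drops whose source is an address
    the director itself owns, seen on the real-server-facing interface."""
    local = {ip_address(ip) for ip in director_local_ips}
    hits = []
    for line in log_lines:
        m = MARTIAN_RE.search(line)
        if not m:
            continue  # e.g. the "ll header:" line that follows each report
        src, dst = ip_address(m["src"]), ip_address(m["dst"])
        if m["dev"] == inside_iface and src in local:
            hits.append((str(src), str(dst), m["dev"]))
    return hits


# Constructed sample log (documentation addresses, not taken from the thread).
SAMPLE_LOG = [
    "Oct  3 10:00:01 director kernel: martian source 203.0.113.7 from 192.0.2.10, on dev eth1",
    "Oct  3 10:00:01 director kernel: ll header: 00:11:22:33:44:55:66:77:88:99:aa:bb:08:00",
    # Unrelated martian on the outside interface: must not be reported.
    "Oct  3 10:00:05 director kernel: martian source 192.0.2.255 from 10.9.9.9, on dev eth0",
    "Oct  3 10:00:09 director kernel: martian source 198.51.100.4 from 192.0.2.10, on dev eth1",
]
VIP = "192.0.2.10"  # assumed virtual IP configured on the director

if __name__ == "__main__":
    for src, dst, dev in find_vip_replies_dropped(SAMPLE_LOG, [VIP], "eth1"):
        print(f"reply from VIP {src} to client {dst} dropped on {dev}")
```

Hits on eth1 with the VIP as source match step 4 of the question: the SYN/ACK reaches the director but fails source validation before forwarding.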