On Tue, Nov 14, 2006 at 02:18:00PM +0100, Damien 'zaide' Desmarets wrote:
> Roberto Nibali wrote:
> >> I have some problems setting up a router/firewall and a lb on the same
> >> Linux machine.
> >> This is my network topology:
> >>
> >>                                                         Real server 1
> >>                                                 _______/
> >> INTERNET <----> eth0 ROUTER/LB eth1 <----> MY NETWORK <_______
> >>                                                               \
> >>                                                         Real server 2
> >>
> >> And my network problem is when a real server responds to a SYN with a
> >> SYN/ACK via the router.
> >> 1 / SYN sent by an internet machine to LB IP
> >> 2 / Router/LB receives (eth0) and sends to RS1 or RS2 (eth1)
> >> 3 / RS1 or RS2 responds to the SYN with a SYN/ACK and sends it to the
> >> internet machine through the ROUTER/LB (eth1)
> >> 4 / ROUTER/LB receives the packet on its eth1 but doesn't send it to eth0
> >>
> >> The only reason I found is that the router/lb also has the IP of the lb
> >> and for it the response can't be sent by someone other than itself, a TCP
> >> stack / connection tracking problem of some sort.
> >
> > If you use the director as default gateway for your RS in LVS-DR mode,
> > you need to patch your kernel with the shared forward patch, to be found
> > here:
> >
> > http://www.ssi.bg/~ja/forward_shared-2.6.17-2.diff
> >
> > Please report back if that works for you or not.
>
> Effectively, that works fine on a 2.6.18.
> Thanks.
Should this be merged? I'm happy to try and push it in if it should
be in the main tree.
--
Horms
H: http://www.vergenet.net/~horms/
W: http://www.valinux.co.jp/en/