SNAT / Masquerading problems using LVS-NAT

To:	"LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	SNAT / Masquerading problems using LVS-NAT
From:	"Rudd, Michael" <Michael.Rudd@xxxxxxxxxxx>
Date:	Mon, 19 Mar 2007 08:09:32 -0500

My current setup has 1 director and 2 servers behind it. Heres the dump
from ipvsadm. 
 
[root@jackets-a sysconfig]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
UDP  192.168.67.213:domain rr ops
  -> dnsa-c:domain                Masq    1      0          110935    
  -> dnsa-d:domain                Masq    1      0          110934    
[root@jackets-a sysconfig]# 

LVS is working the way it should except return packets are not the
correct source IP address. They should be from 192.168.67.213 which is
the address of the service. Instead they are the address of the real
server. This worked in kernel 2.4 when I tested it 2 months ago. Now its
broken in my 2.6.18 kernel. 
 
Heres also a dump from ip addr. We are doing our dns traffic based on
bond1.201. 
...
8: bond0: <BROADCAST,MULTICAST,MASTER,UP,10000> mtu 1500 qdisc noqueue 
    link/ether 00:04:23:c5:63:fc brd ff:ff:ff:ff:ff:ff
9: bond1: <BROADCAST,MULTICAST,MASTER,UP,10000> mtu 1500 qdisc noqueue 
    link/ether 00:04:23:c5:63:fd brd ff:ff:ff:ff:ff:ff
10: bond2: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop 
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
11: bond3: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop 
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
12: bond0.200@bond0: <BROADCAST,MULTICAST,MASTER,UP,10000> mtu 1500
qdisc noqueue 
    link/ether 00:04:23:c5:63:fc brd ff:ff:ff:ff:ff:ff
    inet 192.168.66.214/24 brd 192.168.66.255 scope global bond0.200
    inet 192.168.66.244/24 brd 192.168.66.255 scope global secondary
bond0.200
13: bond0.202@bond0: <BROADCAST,MULTICAST,MASTER,UP,10000> mtu 1500
qdisc noqueue 
    link/ether 00:04:23:c5:63:fc brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.104/24 brd 192.168.2.255 scope global bond0.202
    inet 192.168.2.101/24 brd 192.168.2.255 scope global secondary
bond0.202
14: bond1.201@bond1: <BROADCAST,MULTICAST,MASTER,UP,10000> mtu 1500
qdisc noqueue 
    link/ether 00:04:23:c5:63:fd brd ff:ff:ff:ff:ff:ff
    inet 192.168.67.214/24 brd 192.168.67.255 scope global bond1.201
    inet 192.168.67.213/24 brd 192.168.67.255 scope global secondary
bond1.201
[root@jackets-a sysconfig]# 
 
I've tried the ip_route_me_harder patch I found here
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html#brow
nfield but it doesnt appear to work correctly at least for me. Anybody
got any clues as to what broke in 2.6 for this?
 
Thanks
Mike

<Prev in Thread]	Current Thread	[Next in Thread>
SNAT / Masquerading problems using LVS-NAT, Rudd, Michael <=

Previous by Date:	Re: SNAT Confusion, Janusz Krzysztofik
Next by Date:	Re: PPPoE and LVS router, Hideki
Previous by Thread:	PPPoE and LVS router, Hideki
Next by Thread:	LVS-Tun with Windows 2003 server. No way to make it work with IP Tunelling ?, Arief Setiawan
Indexes:	[Date] [Thread] [Top] [All Lists]