On Tue, Oct 21, 2008 at 05:46:51PM -0700, Joseph Mack NA3T wrote:
> On Tue, 21 Oct 2008, Sebastien COUPPEY wrote:
>
> >
> > yes this is true, I use an iptables rule, but only have a N-1-1rs connection.
>
> without knowing what the rule is (or what an N-1-1rs is),
N client - 1 server - 1 server
a typical iptables DNAT rule.
But this way you bypass ipvs.
> this isn't much help. Don't have any iptables rules till
> your lvs is working
>
> Your ipsec connection terminates at the VIP on the director,
> not the realservers?
yes the tunnel terminates at the VIP on the director.
The real server is on a normal network.
With the firewall down,
Attached is a tcpdump, where:
10.44.0.254 is the client
10.4.0.30 is the VIP on the director net interface
10.0.1.60 is the realserver
We can see that packets arrive back on the director, are correctly
rewritten and sent back to the client 10.44.0.254. However the client
never receives the packet.
10.4.0.30.http > 10.44.0.254
I was wondering if the "brownfield" patch or NFCT patch described in
the LVS-HOWTO.LVS-NAT.html documentation was included in the 2.6.18
kernel.
ipvsadm v1.24 2003/06/07 (compiled with getopt_long and IPVS v1.2.0)
Again, thanks for the advice.
dumpDirector.txt
Description: Text document