[lvs-users] CentOS 4.7 (2.6.9-based) -- LVS-NAT return packets leaving v

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: [lvs-users] CentOS 4.7 (2.6.9-based) -- LVS-NAT return packets leaving via wrong interface
From: Charles Duffy <charles@xxxxxxxxx>
Date: Wed, 11 Mar 2009 19:14:51 -0500

I have a two-interface configuration on my director, where each 
interface is on a different subnet -- an internal interface with the 
realservers, and an external one with the VIPs. Using LVS-NAT, SYN 
packets are correctly routed by the director to an appropriate 
realserver and ACKs are appropriately routed back to the director from 
the realclient (via the default gateway) -- but when the director emits 
the demasqueraded ACK to be sent to the client, it does so on the 
internal interface rather than the external one, and the router between 
the two (which I don't control) is disinclined to forward it.

I've tried to work around this using source routing, as follows:

# ip rule show
0:      from all lookup local
32764:  from <INTERNAL_NET> lookup int
32765:  from <EXTERNAL_NET> lookup ext
32766:  from all lookup main
32767:  from all lookup default
# ip route show table ext
<EXTERNAL_NET> dev eth1  scope link
default via <EXTERNAL_GW> dev eth1
# ip route show table int
<INTERNAL_NET> dev eth0  scope link
default via <INTERNAL_GW> dev eth0

As the demasqueraded packets have a source address on <EXTERNAL_NET>, I 
would expect them to leave on eth1 via <EXTERNAL_GW>. However, this does 
not happen -- the demasqueraded packet attempts to leave via eth0, and 
thus never reaches its destination.

Any hints?

Please read the documentation before posting - it's available at: mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to

<Prev in Thread] Current Thread [Next in Thread>