
Re: [lvs-users] LVS-NAT in Linux 2.6

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] LVS-NAT in Linux 2.6
From: "Nick Couchman" <Nick.Couchman@xxxxxxxxx>
Date: Thu, 03 Sep 2009 06:43:28 -0600
Well, that would explain why I'm not seeing that traffic come through the 
iptables rule set!
 
Sorry to bother everyone with this - this issue was actually that the TX 
Checksums were being miscalculated due to tx checksum offloading being turned 
on for the network interface in Windows XP.  After disabling this feature, 
things work as expected, with the exception that my XP VMs cannot see my 
Windows domain over NAT.  I know that's outside the scope of this list, but if 
anyone has any experience getting Windows to work behind NAT, I'd appreciate 
the tips.
 
Thanks, and sorry to bother you with my silly mistake!
 
-Nick

>>> On 2009/09/02 at 13:28, Malcolm Turnbull <malcolm@xxxxxxxxxxxxxxxx> wrote:

Nick,

Take the iptables SNAT rule out for debugging purposes, it is not
needed for load balancing via LVS (LVS handles its own NAT).





2009/9/2 Nick Couchman <Nick.Couchman@xxxxxxxxx>
>
> The docs on the web site seem to be a little bit out of date, so I figured 
> I'd hit the mailing list to try to find some help with my problem.  First, 
> here's what I'm trying to do:
> - I have a half-dozen Windows-based virtual machines (XEN) that I need to 
> load-balance between.  In the past, I've been using the direct route method, 
> but I've run into some issues - some very strange behavior (like my IPVS 
> director deciding to send out RSET packets to all of the clients at seemingly 
> random intervals).
> - The IPVS director is also a Xen domU (VM), running SuSE Linux.
>
> Having had issues in the past with the DR method, I decided to try my luck at 
> the NAT method.  So, I enabled IP forwarding on my director:
> sysctl net.ipv4.ip_forward=1
>
> added a virtual IP address:
> ifconfig eth0:2 <virtual IP>
>
> added an iptables nat rule:
> iptables -t nat -A POSTROUTING -s 172.16.34.0/24 -j SNAT --to-source <virtual IP>
>
> and updated the IPVS service table:
> ipvsadm -A -t <virtual IP>:1234 -s wlc
> ipvsadm -a -t <virtual IP>:1234 -r 172.16.34.10:1234 -m -x 1
>
> Inside this particular Windows machine, I set the default route to the IP of 
> the director (172.16.34.1).  If I ping an IP address elsewhere on my 
> network, packets appear to be routed correctly and a look at the output of 
> "iptables -t nat -nvL" shows the packet counters for the rule I added in the 
> POSTROUTING table incrementing properly.  However, if I try to connect to the 
> virtual IP address on the port 1234, the connection never gets established.  
> A packet dump shows the traffic going from the source machine (my laptop) to 
> the director, and then being passed on to the Windows machine.  I also see 
> return packets from the Windows machine go back to the IPVS director, 
> however, after that they just get "lost" - the counters in iptables do not 
> increment, nor do the packets ever show up on the outside interface.  Is 
> there something I'm doing wrong to get this setup to work?  I'm following the 
> configuration guide for the 2.4 kernel stuff from the linuxvirtualserver.org 
> web site, since this is the closest I can find to current kernel versions.
>
> Thanks,
> Nick
>
>
> --------
> This e-mail may contain confidential and privileged material for the sole use 
> of the intended recipient.  If this email is not intended for you, or you are 
> not responsible for the delivery of this message to the intended recipient, 
> please note that this message may contain SEAKR Engineering (SEAKR) 
> Privileged/Proprietary Information.  In such a case, you are strictly 
> prohibited from downloading, photocopying, distributing or otherwise using 
> this message, its contents or attachments in any way.  If you have received 
> this message in error, please notify us immediately by replying to this 
> e-mail and delete the message from your mailbox.  Information contained in 
> this message that does not relate to the business of SEAKR is neither 
> endorsed by nor attributable to SEAKR.
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users



--
Regards,

Malcolm Turnbull.

Loadbalancer.org Ltd.
Phone: +44 (0)870 443 8779
http://www.loadbalancer.org/
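
Added example, not part of the original thread: a small Python verifier for the TCP checksum of a raw IPv4 packet, the check that exposes the TX checksum offloading problem described at the top of this message when it is applied to the real server's return packets. The sample packet and the client address 192.0.2.50 are constructed; `fill_checksum=False` stands in, as an assumption, for a segment whose checksum the sender left for the NIC to compute.

```python
import socket
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by IPv4, TCP and UDP (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum_ok(packet: bytes) -> bool:
    """Verify the TCP checksum of a raw IPv4 packet (no link-layer header)."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != socket.IPPROTO_TCP:
        raise ValueError("not a TCP packet")
    segment = packet[ihl:total_len]
    # Pseudo-header: source IP, destination IP, zero, protocol, TCP length.
    pseudo = packet[12:20] + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment))
    # A correct segment sums to 0xFFFF once its checksum field is included.
    return ones_sum(pseudo + segment) == 0xFFFF

def build_packet(src, dst, sport, dport, payload=b"", fill_checksum=True) -> bytes:
    """Constructed sample: minimal IPv4 + TCP SYN/ACK (IP header checksum left 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2001,
                      5 << 4, 0x12, 8192, 0, 0) + payload
    addrs = socket.inet_aton(src) + socket.inet_aton(dst)
    if fill_checksum:
        pseudo = addrs + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(tcp))
        csum = ~ones_sum(pseudo + tcp) & 0xFFFF
        tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, 0, 64,
                     socket.IPPROTO_TCP, 0) + addrs
    return ip + tcp

if __name__ == "__main__":
    # Reply from the real server (172.16.34.10:1234) to a constructed client.
    good = build_packet("172.16.34.10", "192.0.2.50", 1234, 40000)
    bad = build_packet("172.16.34.10", "192.0.2.50", 1234, 40000, fill_checksum=False)
    print("checksum computed by sender:", tcp_checksum_ok(good))
    print("checksum left for the NIC:  ", tcp_checksum_ok(bad))
```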



