On 4/13/11 11:43 AM, Romain Meillon wrote:
> When the real server answers to the client through the IPVS, the packet
> is 'un-NATed' and arrives to the client with the public IP as source.
Yep
> If I use direct routing, the IPVS redirects the packet without NAT so
> the services need to listen on the public IP, on the real server ?
>
Correct. You need to configure the virtual server IP on the real server,
often as a /32 on the loopback. You also need to do some ARP magic to
make it work properly.
> Real server tcpdump in gate mode :
>
> 17:30:25.934418 IP<CLIENT_IP>.60719> <PUB_IP>.25: S
> 1495274318:1495274318(0) win 8192<mss 1460,nop,nop,sackOK>
> 17:30:25.934423 IP<CLIENT_IP>.60719> <PUB_IP>.25: S
> 1495274318:1495274318(0) win 8192<mss 1460,nop,nop,sackOK>
> 17:30:25.934467 IP<CLIENT_IP>.60719> <PUB_IP>.25: S
> 1495274318:1495274318(0) win 8192<mss 1460,nop,nop,sackOK>
> 17:30:25.934471 IP<CLIENT_IP>.60719> <PUB_IP>.25: S
> 1495274318:1495274318(0) win 8192<mss 1460,nop,nop,sackOK>
> 17:30:25.934516 IP<CLIENT_IP>.60719> <PUB_IP>.25: S
> 1495274318:1495274318(0) win 8192<mss 1460,nop,nop,sackOK>
> 17:30:25.934538 IP 10.254.0.100> <CLIENT_IP>: ICMP time exceeded
> in-transit, length 56
>
> No service listening on this IP, no connection established, normal.
Do you have a firewall rule in place blocking this? If nothing is
listening, I'd at least expect a TCP RST to go back to the client.
David
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
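
The reply above says a direct-routing real server needs the virtual IP as a /32 on the loopback plus "ARP magic". The following read-only check is an added example, not part of the original message. It assumes the ARP part means the commonly used arp_ignore/arp_announce sysctls; the function names and the sample address are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only readiness check for an LVS direct-routing real server.
# Assumption: "ARP magic" = the arp_ignore/arp_announce sysctls checked here.

# vip_on_lo VIP LISTING: true if LISTING (output of `ip -o -4 addr show dev lo`)
# contains VIP with a /32 prefix.
vip_on_lo() {
    pat=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf '%s\n' "$2" | grep -Eq "inet ${pat}/32( |\$)"
}

# check_dr_realserver VIP LISTING ARP_IGNORE ARP_ANNOUNCE
# Prints one line per problem; exit status is the number of problems found.
check_dr_realserver() {
    problems=0
    if ! vip_on_lo "$1" "$2"; then
        echo "VIP missing on lo; fix: ip addr add $1/32 dev lo"
        problems=$((problems + 1))
    fi
    case "$3" in
        1|2) ;;
        *) echo "arp_ignore=$3 lets this host answer ARP for the VIP; fix: sysctl -w net.ipv4.conf.all.arp_ignore=1"
           problems=$((problems + 1)) ;;
    esac
    case "$4" in
        2) ;;
        *) echo "arp_announce=$4 may use the VIP as ARP source; fix: sysctl -w net.ipv4.conf.all.arp_announce=2"
           problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed sample input (RFC 5737 documentation address), not from the thread.
SAMPLE_VIP=192.0.2.10
SAMPLE_LO='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 192.0.2.10/32 scope global lo'

# Live mode: sh check.sh --live <VIP>. Reads conf/all only; the kernel also
# honours per-interface values, so a per-interface setup needs those paths instead.
if [ "${1:-}" = "--live" ] && [ -n "${2:-}" ]; then
    check_dr_realserver "$2" "$(ip -o -4 addr show dev lo)" \
        "$(cat /proc/sys/net/ipv4/conf/all/arp_ignore)" \
        "$(cat /proc/sys/net/ipv4/conf/all/arp_announce)"
fi
```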