
Re: [lvs-users] LVS/TUN Help with FWMARK

To: Jenny Lee <bodycare_5@xxxxxxxx>
Subject: Re: [lvs-users] LVS/TUN Help with FWMARK
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Julian Anastasov <ja@xxxxxx>
Date: Thu, 28 Jun 2012 09:56:45 +0300 (EEST)
        Hello,

On Thu, 28 Jun 2012, Jenny Lee wrote:

> On MACHINE 2, I run:
>  
> service iptables stop
> modprobe ipip
> ip addr add 1.1.1.3/32 dev tunl0

        Can this help?

cat /proc/sys/net/ipv4/conf/tunl0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/tunl0/rp_filter

> ip link set tunl0 up arp off
> nc -l -v -D 23
> 
> ############# LOGS ################################################
> On MACHINE 1:
>  
> tcpdump -lnnn host 2.2.2.2
> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 05:41:35.367295 IP 1.1.1.1 > 2.2.2.2: IP cl.ie.nt.IP.53178 > 1.1.1.3.23: 
> Flags [S], seq 64858347, win 8192, options [mss 1400,nop,wscale 
> 8,nop,nop,sackOK], length 0 (ipip-proto-4)
> 05:41:38.369261 IP 1.1.1.1 > 2.2.2.2: IP cl.ie.nt.IP.53178 > 1.1.1.3.23: 
> Flags [S], seq 64858347, win 8192, options [mss 1400,nop,wscale 
> 8,nop,nop,sackOK], length 0 (ipip-proto-4)
> 05:41:44.374032 IP 1.1.1.1 > 2.2.2.2: IP cl.ie.nt.IP.53178 > 1.1.1.3.23: 
> Flags [S], seq 64858347, win 8192, options [mss 1400,nop,nop,sackOK], length 
> 0 (ipip-proto-4)
>  
> ipvsadm -L -n --stats
> IP Virtual Server version 1.2.1 (size=4096)
> Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
>   -> RemoteAddress:Port
> FWM  1                                   5       13        0      760        0
>   -> 2.2.2.2:0                           5       13        0      760        0
> 
>  
> On MACHINE 2:
> 
> tcpdump -lnnn -i tunl0 host cl.ie.nt.IP
> listening on tunl0, link-type RAW (Raw IP), capture size 65535 bytes
> 05:32:15.694994 IP cl.ie.nt.IP.52809 > 1.1.1.3.23: Flags [S], seq 4020678079, 
> win 8192, options [mss 1400,nop,wscale 8,nop,nop,sackOK], length 0
> 05:32:18.703968 IP cl.ie.nt.IP.52809 > 1.1.1.3.23: Flags [S], seq 4020678079, 
> win 8192, options [mss 1400,nop,wscale 8,nop,nop,sackOK], length 0
> 05:32:24.710999 IP cl.ie.nt.IP.52809 > 1.1.1.3.23: Flags [S], seq 4020678079, 
> win 8192, options [mss 1400,nop,nop,sackOK], length 0
>  
> tcpdump -lnnn -i eth0 host 1.1.1.1
> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 05:29:48.719022 IP 1.1.1.1 > 2.2.2.2: IP cl.ie.nt.IP.52711 > 1.1.1.3.23: 
> Flags [S], seq 2945894575, win 8192, options [mss 1400,nop,wscale 
> 8,nop,nop,sackOK], length 0 (ipip-proto-4)
> 05:29:51.730887 IP 1.1.1.1 > 2.2.2.2: IP cl.ie.nt.IP.52711 > 1.1.1.3.23: 
> Flags [S], seq 2945894575, win 8192, options [mss 1400,nop,wscale 
> 8,nop,nop,sackOK], length 0 (ipip-proto-4)
> 05:29:57.737162 IP 1.1.1.1 > 2.2.2.2: IP cl.ie.nt.IP.52711 > 1.1.1.3.23: 
> Flags [S], seq 2945894575, win 8192, options [mss 1400,nop,nop,sackOK], 
> length 0 (ipip-proto-4)
> ######################################################################
> 
> No matter what I do, I am not able to connect to netcat on MACHINE2 when I 
> try: telnet 1.1.1.3 <enter>
>  
> I don't think DC is blocking packets. Doing "traceroute -s 1.1.1.3 
> some.other.ip" showed that "some.other.ip" indeed saw connections coming from 
> 1.1.1.3
>  
> I would be eternally grateful if someone can help.
>  
> Jenny

Regards

--
Julian Anastasov <ja@xxxxxx>

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
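
The reply above reads and clears `rp_filter` for `tunl0` only. As an added example (not part of the original message or of the LVS project), this script reports the value the kernel actually enforces on an interface, which per the kernel's ip-sysctl documentation is the maximum of `conf/all/rp_filter` and `conf/<iface>/rp_filter`. The function names, the optional root-directory argument and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: show the rp_filter mode the kernel applies to an interface.
# Source validation uses max(conf/all/rp_filter, conf/<iface>/rp_filter), so
# writing 0 to tunl0 alone has no effect while conf/all is still 1.

# effective_rp_filter IFACE [ROOT]
# ROOT defaults to the live sysctl tree. The parameter is an assumption of
# this example so the logic can be run against a constructed directory.
effective_rp_filter() {
    iface=$1
    root=${2:-/proc/sys/net/ipv4/conf}
    if [ ! -r "$root/$iface/rp_filter" ]; then
        echo "no rp_filter entry for interface: $iface" >&2
        return 2
    fi
    all=$(cat "$root/all/rp_filter")
    own=$(cat "$root/$iface/rp_filter")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# describe_rp_filter VALUE: print the meaning of an rp_filter value.
describe_rp_filter() {
    case $1 in
        0) echo "off (no source validation)" ;;
        1) echo "strict (source must route back out the receiving interface)" ;;
        2) echo "loose (source must be reachable via some interface)" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample tree: tunl0 cleared as in the reply, conf/all left at 1.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/all" "$demo/tunl0" "$demo/eth0"
echo 1 > "$demo/all/rp_filter"
echo 0 > "$demo/tunl0/rp_filter"
echo 1 > "$demo/eth0/rp_filter"

for i in tunl0 eth0; do
    v=$(effective_rp_filter "$i" "$demo")
    echo "$i: effective rp_filter=$v ($(describe_rp_filter "$v"))"
done
# On a real server, omit the second argument: effective_rp_filter tunl0
```

In an LVS/TUN setup the decapsulated packet arrives on `tunl0` with the client's source address, whose return route points out another interface, which is the case strict mode drops.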
