On 7/26/12 12:40 PM, Liu, William wrote:
> Hi,
>
> I have a problem with LVS NAT configuration where the packets do not look like
> they are being masqueraded by LVS. Here's my setup:
>
> LVS server has 3 interfaces: primary, nat_router, virtual IP
> 172.5.111.74 - primary
> 172.25.117.4 - nat router
> 172.25.117.5 - virtual IP, port 80
> |---- 172.28.12.56 (Real server)
>
> A client (172.25.111.8) that connects to 172.25.117.5 on port 80 never gets a
> response back. What I see on Real server (172.28.12.56) on tcpdump is:
> 16:35:08.103968 IP 172.25.111.8.34271 > 172.28.12.56.http: S
> 1718115488:1718115488(0) win 5840 <mss 1460,sackOK,timestamp 500867550
> 0,nop,wscale 7>
>
> This shows source IP of the client and NOT from LVS. I presume in NAT mode,
> the source IP should be of the "nat router?" From my understanding LVS
> should have done the header masquerading? I shouldn't have to use IPtables?
> Please let me know what I have to do for this function to work?

There is a SNAT patch for LVS out on the Internet somewhere, but it is
not supported by Red Hat. With RHEL, none of the three (DR, NAT, TUN)
mechanisms modify the source IP of the packets.

If you use LVS-NAT, you need to make sure the real server routes the
packet back through the LVS director so the 'un-NAT' can happen
correctly before the request goes back to the client.

David
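
The return-path requirement described in the reply above can be checked on the real server by seeing which next hop its routing table selects for the client's address. This is an added example, not part of the original thread: it does longest-prefix matching over `ip route show`-style text. The routing tables, the gateway 172.28.12.254 and the director's real-server-side address 172.28.12.1 are constructed assumptions; only the client and real-server addresses come from the post.

```python
import ipaddress

def next_hop(route_table, dest):
    """Return (gateway, dev) picked by longest-prefix match for dest.
    gateway is None for on-link routes; result is None if nothing matches.
    Route metrics and policy routing are ignored in this sketch."""
    dest_ip = ipaddress.ip_address(dest)
    best = None  # (prefixlen, gateway, dev)
    for line in route_table.strip().splitlines():
        tok = line.split()
        if not tok:
            continue
        prefix = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            continue  # route types not handled here (unreachable, blackhole, ...)
        if dest_ip not in net:
            continue
        gw = tok[tok.index("via") + 1] if "via" in tok else None
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        if best is None or net.prefixlen > best[0]:
            best = (net.prefixlen, gw, dev)
    return (best[1], best[2]) if best else None

def replies_traverse_director(route_table, client, director):
    """True if replies to client leave the real server via the director."""
    hop = next_hop(route_table, client)
    return hop is not None and hop[0] == director

CLIENT = "172.25.111.8"      # from the post
DIRECTOR = "172.28.12.1"     # assumed director address on the real-server subnet

# Constructed tables for real server 172.28.12.56.
BYPASS = """
default via 172.28.12.254 dev eth0
172.28.12.0/24 dev eth0 proto kernel scope link src 172.28.12.56
"""
VIA_DIRECTOR = """
default via 172.28.12.1 dev eth0
172.28.12.0/24 dev eth0 proto kernel scope link src 172.28.12.56
"""
# Default points at the director, but a more specific route overrides it.
OVERRIDDEN = VIA_DIRECTOR + "172.25.111.0/24 via 172.28.12.254 dev eth0\n"

if __name__ == "__main__":
    for name, table in [("bypass", BYPASS), ("via director", VIA_DIRECTOR),
                        ("overridden", OVERRIDDEN)]:
        print(name, next_hop(table, CLIENT),
              replies_traverse_director(table, CLIENT, DIRECTOR))
```

When the check returns False, the real server's SYN-ACK reaches the client with the real server's own source address rather than the virtual IP, so the client never completes the handshake.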