On 07/26/2012 06:40 PM, Liu, William wrote:
> Hi,
>
> I have a problem with LVS NAT configuration where the packets do not look like
> they are being masqueraded by LVS. Here's my setup:
>
> LVS server has 3 interfaces: primary, nat_router, virtual IP
> 172.5.111.74 - primary
> 172.25.117.4 - nat router
> 172.25.117.5 - virtual IP, port 80
> |---- 172.28.12.56 (Real server)
>
> A client (172.25.111.8) connects to 172.25.117.5 on port 80 but never gets a
> response back. What I see on Real server (172.28.12.56) on tcpdump is :
> 16:35:08.103968 IP 172.25.111.8.34271 > 172.28.12.56.http: S
> 1718115488:1718115488(0) win 5840 <mss 1460,sackOK,timestamp 500867550
> 0,nop,wscale 7>
>
> This shows source IP of the client and NOT from LVS. I presume in NAT mode,
> the source IP should be of the "nat router?" From my understanding LVS
> should have done the header masquerading? I shouldn't have to use IPtables?
> Please let me know what I have to do for this function to work?
>
> # ipvsadm -l -n --stats
> IP Virtual Server version 1.2.1 (size=4096)
> Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
> -> RemoteAddress:Port
> TCP 172.25.117.5:80 4 15 0 900 0
> -> 172.28.12.56:80 4 15 0 900 0
>
> I would like LVS server to be the gateway for both traffic to the real server
> and on the way back to the client.
>
> This LVS server is a RHEL5.8 with 2.6.18 kernel. Here is my lvs.cf config:
> serial_no = 16
> primary = 172.25.111.74
> service = lvs
> backup = 0.0.0.0
> heartbeat = 1
> heartbeat_port = 539
> keepalive = 6
> deadtime = 18
> network = nat
> nat_router = 172.25.117.4 eth1:1
> nat_nmask = 255.255.255.0
> debug_level = NONE
> virtual 172.28.12.56 {
> active = 1
> address = 172.25.117.5 eth1:2
> vip_nmask = 255.255.255.255
> port = 80
> expect = "OK"
> use_regex = 0
> send_program = "/etc/sysconfig/ha/check_tcp80.sh %h"
> load_monitor = none
> scheduler = rr
> protocol = tcp
> timeout = 60
> reentry = 15
> quiesce_server = 0
> server diadm1cm {
> address = 172.28.12.56
> active = 1
> weight = 1
> }
> }

As far as I know the NAT stands for DNAT not SNAT so the source address
doesn't change but the destination address is changed to the ip of the
realserver. The realserver has to have the director as its default gateway
so that when the return packet is sent the DNAT gets reverted on the director.

Regards,
Dennis
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
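
Added example, not part of either message: a small Python model of the DNAT behaviour described in the reply, using the addresses quoted in the thread (class and function names are hypothetical). It shows that the real server sees the client's source address either way, and that the client only accepts the reply when it travels back through the director.

```python
# Added illustration (hypothetical names); addresses are the ones quoted in the thread.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

VIP, VPORT = "172.25.117.5", 80
REAL, RPORT = "172.28.12.56", 80
CLIENT, CPORT = "172.25.111.8", 34271


class Director:
    def __init__(self):
        self.conns = {}          # (client ip, client port) -> (real ip, real port)
        self.in_pkts = self.out_pkts = 0

    def inbound(self, pkt):
        # Client -> VIP: only the destination is rewritten; the source is left alone.
        if (pkt.dst, pkt.dport) != (VIP, VPORT):
            return pkt
        self.conns[(pkt.src, pkt.sport)] = (REAL, RPORT)
        self.in_pkts += 1
        return pkt._replace(dst=REAL, dport=RPORT)

    def outbound(self, pkt):
        # Real server -> client: restore the VIP as source if the connection is known.
        if self.conns.get((pkt.dst, pkt.dport)) != (pkt.src, pkt.sport):
            return pkt
        self.out_pkts += 1
        return pkt._replace(src=VIP, sport=VPORT)


def client_accepts(sent, reply):
    # A TCP client only matches a reply that mirrors the 4-tuple it sent.
    return (reply.src, reply.sport, reply.dst, reply.dport) == (
        sent.dst, sent.dport, sent.src, sent.sport)


def round_trip(reply_via_director):
    d = Director()
    syn = Packet(CLIENT, CPORT, VIP, VPORT)
    at_real = d.inbound(syn)
    reply = Packet(at_real.dst, at_real.dport, at_real.src, at_real.sport)
    if reply_via_director:       # real server's default gateway is the director
        reply = d.outbound(reply)
    return at_real, reply, client_accepts(syn, reply), d.out_pkts

if __name__ == "__main__":
    for via in (True, False):
        print(via, round_trip(via))
```
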