Hi,
I've set up a server, with public IPs (currently only one though) on one
interface, and an internal IP on another interface - where the backend
webservers are hosted.
My problem is that I see the request packet (going to X.X.X.167 port
80) go through to the backend fine (the SYN packet), and I see the
backend's response (the backend has the LVS server as default gw) when I tcpdump
on the internal interface of the LVS server.
The response, however, is never relayed on the LVS server's external
interface :(
I hope you can help me debug this, or suggest things I could do to debug it.
My setup is as follows:
I've set up IPVS in the kernel, using ldirectord - ipvsadm -ln shows:
TCP  X.X.X.167:80 wrr persistent 900
  -> Y.Y.Y.105:80                 Masq    2      0          0
TCP  X.X.X.167:443 wrr persistent 900
  -> Y.Y.Y.105:443                Masq    2      0          0
with X.X.X.167 being my public IP, and Y.Y.Y.105 being the internal one.
iptables is enabled and its output is like this:
[root@lb1 ~]# iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
ACCEPT     tcp  --  B.B.B.162            0.0.0.0/0            state NEW tcp dpt:8080
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:443
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

[root@lb1 ~]# iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
--
Regards,
Klavs Klavsen, GSEC - kl@xxxxxxx - http://www.vsen.dk - Tlf. 61281200
"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer
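One way to pin down at which hop the reply is lost, as an added example (not code from the poster, ldirectord or the LVS project): feed it `tcpdump -n` output captured on the director's external and internal interfaces, each line prefixed with `ext` or `int`, and it reports the first missing leg of the SYN/SYN-ACK exchange for every client. The interface tags, the troubleshooting hints and the sample capture are assumptions; 192.0.2.167 and 10.0.0.105 are constructed stand-ins for X.X.X.167 and Y.Y.Y.105.

```python
import re
from collections import defaultdict

# tcpdump -n prints TCP packets as "... IP src.sport > dst.dport: Flags [S], ..."
PKT = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")
# The four legs of an LVS-NAT handshake on the director: (capture iface, direction, flags).
LEGS = (
    ("ext", "to_vip", "S"),     # 1: client SYN arrives on the external interface
    ("int", "to_rip", "S"),     # 2: director rewrote dst VIP->RIP and sent it inside
    ("int", "from_rip", "S."),  # 3: backend SYN-ACK arrives on the internal interface
    ("ext", "from_vip", "S."),  # 4: director rewrote src RIP->VIP and relayed it out
)
# Where to look when a leg is missing (assumed troubleshooting hints, not from the post).
HINTS = {
    1: "no client SYN on the external interface: check upstream routing and firewall",
    2: "SYN not passed to the backend: check ipvsadm -Lcn and the INPUT/FORWARD chains",
    3: "backend never answered: check the service on the RIP and its default gateway",
    4: "reply not relayed: check ip_forward=1 and the FORWARD chain on the director",
}

def trace_handshakes(lines, vip, rip):
    """lines are "<ext|int> <tcpdump line>"; returns {(client, port): (legs_seen, verdict)}."""
    seen = defaultdict(set)
    for line in lines:
        iface, _, rest = line.partition(" ")
        m = PKT.search(rest)
        if not m:
            continue  # ARP, ICMP or non-TCP output: not part of the handshake trace
        src, sport, dst, dport, flags = m.groups()
        if dst in (vip, rip):    # towards the backend: key on the client endpoint
            key, direction = (src, sport), ("to_vip" if dst == vip else "to_rip")
        elif src in (rip, vip):  # back towards the client: key on the client endpoint
            key, direction = (dst, dport), ("from_rip" if src == rip else "from_vip")
        else:
            continue  # unrelated traffic on the director
        seen[key].add((iface, direction, flags))
    report = {}
    for key, pkts in seen.items():
        legs = [n for n, leg in enumerate(LEGS, 1) if leg in pkts]
        missing = next((n for n in range(1, 5) if n not in legs), None)
        report[key] = (legs, HINTS[missing] if missing else "handshake complete")
    return report

# Constructed capture matching the post's symptom: legs 1-3 present, leg 4 absent.
# 192.0.2.167 stands in for the VIP X.X.X.167, 10.0.0.105 for the RIP Y.Y.Y.105.
SAMPLE = """\
ext 10:00:00.000100 IP 203.0.113.5.43210 > 192.0.2.167.80: Flags [S], seq 1, win 64240, length 0
int 10:00:00.000150 IP 203.0.113.5.43210 > 10.0.0.105.80: Flags [S], seq 1, win 64240, length 0
int 10:00:00.000300 IP 10.0.0.105.80 > 203.0.113.5.43210: Flags [S.], seq 7, ack 2, win 65160, length 0
""".splitlines()
```

On the director, `tcpdump -n -l -i eth0 port 80 | sed 's/^/ext /'` and the same on the internal interface with `int` produce the tagged lines (interface names assumed); pass them to `trace_handshakes` together with the VIP and RIP from `ipvsadm -ln`.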