Re: Lvs and Trans-Proxy

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Lvs and Trans-Proxy
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Thu, 23 Jun 2005 10:13:01 -0700 (PDT)
On Thu, 23 Jun 2005, Bikrant Neupane wrote:

I have now removed the -j REDIRECT rule. But now the Director is not forwarding
the packet at all!

However I can see the packet (syn) redirected by cisco to director hitting
the mangle rule.

With ip_forward = 0
tcpdump in director:
202.79.45.235.2151 > 212.58.240.120.80: S 2729683022:2729683022(0) win 64240
<mss 1460,nop,nop,sackOK>
202.79.45.235.2151 > 212.58.240.120.80: S 2729683022:2729683022(0) win 64240
<mss 1460,nop,nop,sackOK>
202.79.45.235.2151 > 212.58.240.120.80: S 2729683022:2729683022(0) win 64240
<mss 1460,nop,nop,sackOK>

I assume no packets are being accepted?

With ip_forward = 1 I observed hundreds of SYN packets!!

LVS-DR works with ip_forward off. You shouldn't need to turn it on.

By looking at the src and dst mac address I found that the packet was
looping between the cisco router and the director.

00:80:48:31:86:db  --> Director Interface
00:50:3e:f4:6d:e0   --> Cisco Router Interface

22:16:56.653006 00:50:3e:f4:6d:e0 > 00:80:48:31:86:db, ethertype IPv4
(0x0800), length 62: IP 202.79.45.235.2155 > 216.239.57.107.80: S
2858487429:2858487429(0) win 64240 <mss 1460,nop,nop,sackOK>
22:16:56.653015 00:80:48:31:86:db > 00:50:3e:f4:6d:e0, ethertype IPv4
(0x0800), length 62: IP 202.79.45.235.2155 > 216.239.57.107.80: S
2858487429:2858487429(0) win 64240 <mss 1460,nop,nop,sackOK>

How is this possible?? Instead of forwarding packet to Real Server
(202.79.45.241) the Director forwarded the packet to Router.

what is the route on the director for packets to the RIP?
Does the cisco have ICMP redirects turned off?

Watch out for ciscos

http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.arp_problem.html#router_wierdness

it turns out I can't spell "weird". That's really wierd.

Since the source address is that of the client, the router re-forwarded the packet to the Director and hence the loop.

Things are starting to come back to me.

Before you can mark the packets you need some way for the director to accept packets to 0/0:80. The REDIRECT method doesn't work anymore. Have a look at this untested method.

http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.transparent_proxy.html#tp_redirect

Julian's way of handling this (see his comment on 7 Jul 2002) is at

http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.routing_to_VIP-less_director.html#routing_and_delivery

You should be able to run his two line command. It's black magic to me.

LVS'ing squids was so simple in 2.2 kernels. I'll have to get
the HOWTO all straightened out once we figure out what's
going on here. It would be nice if someone with an
LVS'ed squid would pop up here and give us the answer.

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml Homepage http://www.austintek.com/ It's GNU/Linux!
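The MAC-level loop Bikrant spotted by eye can be checked mechanically. This is an added example, not code from the thread or the LVS project: it parses `tcpdump -e` lines in the shape quoted above (the sample below is constructed from those lines, joined onto single lines, plus one non-looping packet for contrast) and flags any packet the director sends straight back to the MAC that just delivered it.

```python
import re

# Constructed sample in the shape of the tcpdump -e output quoted in the thread.
# The first two lines reuse the MACs, addresses and sequence number from the post;
# the third is an added, non-looping SYN for contrast.
SAMPLE = """\
22:16:56.653006 00:50:3e:f4:6d:e0 > 00:80:48:31:86:db, ethertype IPv4 (0x0800), length 62: IP 202.79.45.235.2155 > 216.239.57.107.80: S 2858487429:2858487429(0) win 64240 <mss 1460,nop,nop,sackOK>
22:16:56.653015 00:80:48:31:86:db > 00:50:3e:f4:6d:e0, ethertype IPv4 (0x0800), length 62: IP 202.79.45.235.2155 > 216.239.57.107.80: S 2858487429:2858487429(0) win 64240 <mss 1460,nop,nop,sackOK>
22:16:57.100000 00:50:3e:f4:6d:e0 > 00:80:48:31:86:db, ethertype IPv4 (0x0800), length 62: IP 202.79.45.235.2160 > 216.239.57.107.80: S 1111111111:1111111111(0) win 64240 <mss 1460,nop,nop,sackOK>
"""

# One tcpdump -e line: timestamp, src MAC > dst MAC, ethertype, IP src > dst, TCP flags, seq.
LINE_RE = re.compile(
    r"^(?P<ts>\d+:\d+:\d+\.\d+) (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), "
    r"ethertype IPv4 \(0x0800\), length \d+: IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"(?P<flags>[A-Z.]+) (?P<seq>\d+):\d+\(\d+\)"
)


def parse(line):
    """Return the named fields of one tcpdump -e line, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def find_loops(text, director_mac):
    """Return (src, dst, seq) keys of packets the director re-emitted toward the
    very MAC that just handed them in, i.e. a router <-> director forwarding loop.
    The IP header is unchanged on both legs (DR keeps the client source address),
    so src/dst/seq identify the same packet on the way in and on the way out."""
    seen = {}   # (src, dst, seq) -> MAC that delivered the packet to the director
    loops = []
    for raw in text.splitlines():
        pkt = parse(raw)
        if pkt is None:
            continue
        key = (pkt["src"], pkt["dst"], pkt["seq"])
        if pkt["dmac"] == director_mac:
            seen[key] = pkt["smac"]
        elif pkt["smac"] == director_mac and seen.get(key) == pkt["dmac"]:
            loops.append(key)
    return loops


if __name__ == "__main__":
    for src, dst, seq in find_loops(SAMPLE, "00:80:48:31:86:db"):
        print(f"loop: {src} > {dst} seq {seq} bounced back to the router")
```

A real capture would be fed in from `tcpdump -e -n -l` output with the director's MAC taken from the post's table; a healthy LVS-DR director should produce an empty list, since the outgoing copy of each packet should carry the real server's MAC, not the router's.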
