Howdy!

I have a two-interface configuration on my director, where each
interface is on a different subnet -- an internal interface with the
realservers, and an external one with the VIPs. Using LVS-NAT, SYN
packets are correctly routed by the director to an appropriate
realserver and ACKs are appropriately routed back to the director from
the realclient (via the default gateway) -- but when the director emits
the demasqueraded ACK to be sent to the client, it does so on the
internal interface rather than the external one, and the router between
the two (which I don't control) is disinclined to forward it.

I've tried to work around this using source routing, as follows:

    # ip rule show
    0:      from all lookup local
    32764:  from <INTERNAL_NET> lookup int
    32765:  from <EXTERNAL_NET> lookup ext
    32766:  from all lookup main
    32767:  from all lookup default

    # ip route show table ext
    <EXTERNAL_NET> dev eth1 scope link
    default via <EXTERNAL_GW> dev eth1

    # ip route show table int
    <INTERNAL_NET> dev eth0 scope link
    default via <INTERNAL_GW> dev eth0

As the demasqueraded packets have a source address on <EXTERNAL_NET>, I
would expect them to leave on eth1 via <EXTERNAL_GW>. However, this does
not happen -- the demasqueraded packet attempts to leave via eth0, and
thus never reaches its destination.

Any hints?