Hi,
I have a problem with LVS NAT configuration where the packets do not look like
they are being masqueraded by LVS. Here's my setup:
LVS server has 3 interfaces: primary, nat_router, virtual IP
172.5.111.74 - primary
172.25.117.4 - nat router
172.25.117.5 - virtual IP, port 80
|---- 172.28.12.56 (Real server)
A client (172.25.111.8) that connects to 172.25.117.5 on port 80 never gets a
response back. What I see on the Real server (172.28.12.56) in tcpdump is:
16:35:08.103968 IP 172.25.111.8.34271 > 172.28.12.56.http: S 1718115488:1718115488(0) win 5840 <mss 1460,sackOK,timestamp 500867550 0,nop,wscale 7>
This shows the source IP of the client and NOT that of LVS. I presume in NAT mode,
the source IP should be that of the "nat router"? From my understanding LVS should
have done the header masquerading? I shouldn't have to use iptables? Please
let me know what I have to do for this function to work.
# ipvsadm -l -n --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  172.25.117.5:80                     4       15        0      900        0
  -> 172.28.12.56:80                     4       15        0      900        0
I would like LVS server to be the gateway for both traffic to the real server
and on the way back to the client.
This LVS server is a RHEL5.8 with 2.6.18 kernel. Here is my lvs.cf config:
serial_no = 16
primary = 172.25.111.74
service = lvs
backup = 0.0.0.0
heartbeat = 1
heartbeat_port = 539
keepalive = 6
deadtime = 18
network = nat
nat_router = 172.25.117.4 eth1:1
nat_nmask = 255.255.255.0
debug_level = NONE
virtual 172.28.12.56 {
     active = 1
     address = 172.25.117.5 eth1:2
     vip_nmask = 255.255.255.255
     port = 80
     expect = "OK"
     use_regex = 0
     send_program = "/etc/sysconfig/ha/check_tcp80.sh %h"
     load_monitor = none
     scheduler = rr
     protocol = tcp
     timeout = 60
     reentry = 15
     quiesce_server = 0
     server diadm1cm {
         address = 172.28.12.56
         active = 1
         weight = 1
     }
}
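
Added example (not part of the original post): a Python check that parses `ipvsadm -l -n --stats` output like the one quoted above and flags real servers that show InPkts but zero OutPkts, meaning requests are forwarded but no replies pass back through the director. The function names and the decimal reading of K/M/G/T counter suffixes are assumptions of this example.

```python
import re

# Constructed sample: the `ipvsadm -l -n --stats` output quoted in the post.
SAMPLE = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  172.25.117.5:80                     4       15        0      900        0
  -> 172.28.12.56:80                     4       15        0      900        0
"""

# Assumption: abbreviated counters (e.g. "12K") are read as decimal multiples;
# the check below only depends on zero vs. non-zero.
_UNITS = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}
# A data row is a protocol (or "->" for a real server), an address, 5 counters.
_ROW = re.compile(r"^\s*(TCP|UDP|FWM|->)\s+(\S+)((?:\s+\d+[KMGT]?){5})\s*$")

def _num(tok):
    """Convert an ipvsadm counter such as '15' or '12K' to an int."""
    unit = tok[-1] if tok[-1] in "KMGT" else ""
    return int(tok.rstrip("KMGT")) * _UNITS[unit]

def parse_stats(text):
    """Return one dict per virtual-service row and per real-server row."""
    rows, vip = [], None
    for line in text.splitlines():
        m = _ROW.match(line)
        if not m:
            continue  # banner and column-header lines carry no counters
        kind, addr, counters = m.groups()
        conns, in_pkts, out_pkts, _in_b, _out_b = map(_num, counters.split())
        if kind != "->":
            vip = addr  # following "->" rows belong to this virtual service
        rows.append({"vip": vip, "real": addr if kind == "->" else None,
                     "conns": conns, "in_pkts": in_pkts, "out_pkts": out_pkts})
    return rows

def one_way_real_servers(text):
    """Real servers that were sent packets but returned none via the director."""
    return [(r["vip"], r["real"]) for r in parse_stats(text)
            if r["real"] and r["in_pkts"] > 0 and r["out_pkts"] == 0]

if __name__ == "__main__":
    for vip, real in one_way_real_servers(SAMPLE):
        print(f"{vip} -> {real}: requests forwarded, no replies seen by director")
```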