Followup after some testing. First off, yeah, I found out the application doing the DNS queries is bound to 0.0.0.0/53. So it's pretty much choosing whatever interface it wants to go out from. Probably why the SNAT isn't working from the realserver for LVS-DR. I may see if I can get this working cause I ultimately want to use LVS-DR someday.

As for LVS-NAT, I had the idea to do the SNAT for LVS since it's not working because of the OPS patch I need. So I implemented an iptables rule that whenever it receives a source port of 53, it SNATs it to the VIP:53 and sends it out. This should pick up all traffic coming back from my realservers. I tried this and it works. So this is an acceptable workaround for me right now. I'll post when I get the LVS-DR testing done and verify it is SNATing when I have it configured correctly and bound to the correct interface.

Thanks for the help guys.

Mike

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Graeme Fowler
Sent: Wednesday, April 18, 2007 8:46 AM
To: LinuxVirtualServer.org users mailing list.
Subject: RE: SNAT / Masquerading problems using LVS-NAT

On Wed, 2007-04-18 at 07:01 -0500, Rudd, Michael wrote:
> My setup is 2 bonds: 1 with 2 vlans, 1 with 1 vlan
> Bond0.200 (public)
> Bond0.202 (private)
> Bond1.201 (public and vlan DNS traffic is used on)
>
> So I send my DNS query to my VIP on my directors. It gets routed to a
> realserver which I've attached the vip to bond1.201:0. According to
> others I've talked to I shouldn't need an iptables rule but I still
> don't see the packet out with the source ip address of the VIP. I see
> the packet with the source IP of the actual realserver. It's possible
> it is a routing issue though so I plan on digging deeper on that today.
>
> Should I need an iptables rule at all for LVS-DR?

Nope.

Dumb question: you haven't configured BIND to send responses from the RIP, have you (by allowing it to bind to interfaces as it sees fit)?

Also, have you solved the ARP problem for LVS-DR? You don't want your realservers ARPing the VIP, especially as you have it bound to a "real" interface rather than loopback.

I have a sneaking feeling here that the application itself is the problem, not LVS.

Graeme

_______________________________________________
LinuxVirtualServer.org mailing list - [email protected]
Send requests to [EMAIL PROTECTED] or go to http://www.in-addr.de/mailman/listinfo/lvs-users
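
Added example, not part of the original thread: one way to do the verification the message above says is still pending, by checking that DNS replies leave with the VIP as their source address. It reads IPv4 `tcpdump -nn` text output; the VIP `192.0.2.53`, the function names and all sample capture lines are constructed placeholders.

```shell
#!/bin/sh
# Added example: list DNS replies whose source address is not the VIP.
# Assumption: input is IPv4 `tcpdump -nn` text output, one packet per line.

VIP="${VIP:-192.0.2.53}"   # placeholder VIP (documentation range), not from the thread

# Reads tcpdump lines on stdin; prints "<source_ip> <packets>" for every
# address other than the VIP ($1) seen sending from port 53. No output = clean.
non_vip_dns_sources() {
    awk -v vip="$1" '
        $2 == "IP" && $4 == ">" {
            n = split($3, p, ".")              # source field is a.b.c.d.port
            if (n != 5 || p[5] != "53") next   # keep only packets leaving port 53
            ip = p[1] "." p[2] "." p[3] "." p[4]
            if (ip != vip) bad[ip]++
        }
        END { for (ip in bad) print ip, bad[ip] }
    ' | sort
}

# Constructed capture: one query, one reply correctly sourced from the VIP, and
# two replies leaving with a realserver address (the symptom in the thread).
sample_capture() {
    cat <<'EOF'
08:46:01.000100 IP 198.51.100.7.40112 > 192.0.2.53.53: 4660+ A? www.example.com. (33)
08:46:01.000900 IP 192.0.2.53.53 > 198.51.100.7.40112: 4660 1/0/0 A 203.0.113.9 (49)
08:46:02.000100 IP 10.0.201.11.53 > 198.51.100.7.40113: 4661 1/0/0 A 203.0.113.9 (49)
08:46:03.000100 IP 10.0.201.11.53 > 198.51.100.7.40114: 4662 1/0/0 A 203.0.113.9 (49)
EOF
}

# Live use: feed a bounded capture so the summary prints when tcpdump exits, e.g.
#   tcpdump -nn -c 200 -i bond1.201 port 53 | non_vip_dns_sources "$VIP"
sample_capture | non_vip_dns_sources "$VIP"
```

Any address printed is a host answering from port 53 with something other than the VIP, which is what a client sees as a reply from an unexpected source.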
