The client computer and the realserver are both on the same segment connected to the director's eth1. (MOST client computers are on the other side of the director on eth0.) The VS is configured on eth0 in LVS-NAT mode. Clients on the "outside" connect through the director to the RS fine. The one client on the inside cannot connect through the VS on eth0. It just times out. I looked into this once before and it has to do with icmp redirects, local routing, ARPs, and so on. Bottom line is that the client's SYN packet gets redirected through LVS, but the server's SYN-ACK goes straight to the client since they are both on the same segment. The client ignores it because it comes from the wrong IP address. You're right... the "newer implementations" comment was muddy thinking.
-- Eric Robinson -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Joseph Mack NA3T Sent: Wednesday, March 11, 2009 4:43 AM To: LinuxVirtualServer.org users mailing list. Subject: Re: [lvs-users] Do newer LVS implementations allow hairpinning? On Tue, 10 Mar 2009, Robinson, Eric wrote: > Do newer LVS implementations allow hairpinning requests back out the > same interface they arrived on? In other words, if my load balancer > has virtual services listening on its eth0, and the realservers are on > eth1, is it possible for a client computer on eth1 a client computer can be attached to any NIC on the director. > to connect to the VS on eth0 and be redirected back to one of the RS's > on eth1? Provided you haven't done something to block the routing, it should work. I don't know what "newer LVS implementations" has to do with this Joe -- Joseph Mack NA3T EME(B,D), FM05lw North Carolina jmack (at) wm7d (dot) net - azimuthal equidistant map generator at http://www.wm7d.net/azproj.shtml Homepage http://www.austintek.com/ It's GNU/Linux! _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users Disclaimer - March 12, 2009 This email and any files transmitted with it are confidential and intended solely for LinuxVirtualServer.org users mailing list.. If you are not the named addressee you should not disseminate, distribute, copy or alter this email. Any views or opinions presented in this email are solely those of the author and might not represent those of . Warning: Although has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments. This disclaimer was added by Policy Patrol: http://www.policypatrol.com/ _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
