Dear lvs-users,

eth0: 10.1.111.0 subnet
eth1: 172.16.10.0 subnet

For the LVS configuration pasted below, I have the problem of leakage of packets with the real IPs of the real servers even on the external VIP interface. In this case, connections to 10.1.111.14 are load balanced to 172.16.10.42 and 172.16.10.43 in LVS-NAT mode. Most of the packets are correctly masqueraded. However, on the external interface, which is on the 10.1.111.0 subnet, I see some packets with

    src: 172.16.10.42 dst: 10.101.1.37 (one of lots of client IPs)

It should have been NAT'ed as

    src: 10.1.111.14 dst: 10.101.1.37

Does anybody have any idea?

Extra information:

Linux Centos 3
Kernel 2.6.9-42
ipvsadm utils: 1.2.4-6
IP Virtual Server version 1.2.0 (size=4096)

# tcpdump -i eth0 -n net 172.16.0.0/16
tcpdump: listening on eth0
11:49:44.626034 172.16.10.42.http > 10.101.1.37.1914: F 3758377743:3758377743(0) ack 805382438 win 49640 (DF)
1 packets received by filter
0 packets dropped by kernel

# tcpdump -i eth0 -n port not 22
tcpdump: listening on eth0
11:49:51.225919 10.155.1.13.1138 > 10.1.111.14.http: . ack 1594576359 win 65535 <nop,nop,timestamp 11771 39000469> (DF)
11:49:51.232295 10.134.1.140.3678 > 10.1.111.14.http: P 402277521:402278558(1037) ack 470161753 win 65316 (DF)
11:49:51.233242 10.134.1.140.3677 > 10.1.111.14.http: P 3239431185:3239432222(1037) ack 469403328 win 64343 (DF)
11:49:51.234229 10.1.111.14.http > 10.134.1.140.3678: P 1:220(219) ack 1037 win 49640 (DF)
11:49:51.235358 10.1.111.14.http > 10.134.1.140.3677: P 1:220(219) ack 1037 win 49640 (DF)
...lots of more correct packets

# ipvsadm -L -n
IP Virtual Server version 1.2.0 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.1.111.14:80 rr persistent 180
  -> 172.16.10.43:80              Masq    1      41         149
  -> 172.16.10.42:80              Masq    1      104        18

# ipvsadm -L -n --stats
IP Virtual Server version 1.2.0 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  10.1.111.14:80                  42595  2016238  3081282  657660K    3852M
  -> 172.16.10.43:80                 35924  1019050  1524973  311682K    1819M
  -> 172.16.10.42:80                  6671   997189  1556309  345977K    2033M

# ipvsadm -L -n -c | wc -l
565

# ipvsadm -L -n --thresholds
IP Virtual Server version 1.2.0 (size=4096)
Prot LocalAddress:Port            Uthreshold Lthreshold ActiveConn InActConn
  -> RemoteAddress:Port
TCP  10.1.111.14:80 rr persistent 180
  -> 172.16.10.43:80              0          0          29         147
  -> 172.16.10.42:80              0          0          118        13
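
Added example (not part of the original post): a small Python check that reads tcpdump text captured on the external interface and reports every packet whose source address is still inside the real-server network, together with its TCP flags. The 172.16.0.0/16 network is the one used in the poster's tcpdump filter, the sample lines are copied from the capture above, and the function name find_leaks is hypothetical.

```python
import ipaddress
import re

# Same network the poster filtered on with "net 172.16.0.0/16".
REAL_NET = ipaddress.ip_network("172.16.0.0/16")

# Old-style tcpdump line: "<time> <src>.<port> > <dst>.<port>: <flags> ..."
# The port may be numeric or a service name such as "http".
LINE = re.compile(r"^(\S+) (\S+)\.(\w+) > (\S+)\.(\w+): (\S+)")

# Lines copied from the capture in the post (external interface, eth0).
SAMPLE = """\
tcpdump: listening on eth0
11:49:44.626034 172.16.10.42.http > 10.101.1.37.1914: F 3758377743:3758377743(0) ack 805382438 win 49640 (DF)
11:49:51.232295 10.134.1.140.3678 > 10.1.111.14.http: P 402277521:402278558(1037) ack 470161753 win 65316 (DF)
11:49:51.234229 10.1.111.14.http > 10.134.1.140.3678: P 1:220(219) ack 1037 win 49640 (DF)
1 packets received by filter
""".splitlines()


def find_leaks(lines, real_net=REAL_NET):
    """Return (time, src, dst, flags) for each packet whose source address
    belongs to the real-server network, i.e. left the director un-NATed."""
    leaks = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # banner and summary lines carry no packet
        ts, src, _sport, dst, _dport, flags = m.groups()
        try:
            src_ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # not an IPv4/IPv6 literal (capture taken without -n)
        if src_ip in real_net:
            leaks.append((ts, src, dst, flags))
    return leaks


if __name__ == "__main__":
    for ts, src, dst, flags in find_leaks(SAMPLE):
        print(f"{ts} leaked src={src} dst={dst} flags={flags}")
```

Grouping the reported flags over a longer capture shows whether the leaked packets are limited to one kind of segment, such as the FIN in the single leaked line above.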
