Hi, Been using this setup on at least 4 different installations without this issue... we have multiple virtual services and use iptables MARK to tag the packets for each virtual service.
My problem is that when I enable/configure persistence on IPVS the client gets "connection refused". The same config *without* persistence works fine. System: ======= Kernel: 2.6.29.6-smp (vanilla from Slackware 13.0) ipvsadm v1.25 2008/5/15 (compiled with popt and IPVS v1.2.1) iptables v1.4.3.2 iptables: ========= iptables -L -n -t mangle Chain PREROUTING (policy ACCEPT) target prot opt source destination MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 MARK xset 0x1/0xffffffff MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9201 MARK xset 0x1/0xffffffff MARK udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:9200:9201 MARK xset 0x2/0xffffffff ipvsadm: ======== ipvsadm -L -n IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn FWM 1 lc -> 192.168.22.11:0 Masq 100 0 0 FWM 2 lc -> 192.168.22.11:0 Masq 100 0 0 IPVS debug when persistence is *ON*: ===================================== kernel: IPVS: lookup/in TCP 160.124.109.65:43100->192.168.1.1:8080 not hit kernel: IPVS: lookup/out TCP 160.124.109.65:43100->192.168.1.1:8080 not hit kernel: IPVS: lookup service: fwm 1 TCP 192.168.1.1:8080 hit kernel: IPVS: p-schedule: src 160.124.109.65:43100 dest 192.168.1.1:8080 mnet 160.124.109.65 kernel: IPVS: template lookup/in IP 160.124.109.65:0->0.0.0.0:0 not hit IPVS debug when persistence is *OFF*: ===================================== kernel: IPVS: lookup/in TCP 160.124.109.65:43098->192.168.1.1:8080 not hit kernel: IPVS: lookup/out TCP 160.124.109.65:43098->192.168.1.1:8080 not hit kernel: IPVS: lookup service: fwm 1 TCP 192.168.1.1:8080 hit kernel: IPVS: ip_vs_rr_schedule(): Scheduling... kernel: IPVS: RR: server 192.168.22.11:0 activeconns 0 refcnt 3 weight 100 kernel: IPVS: Bind-dest TCP c:160.124.109.65:43098 v:192.168.1.1:8080 d:192.168.22.11:8080 fwd:M s:0 conn->flags:100 conn->refcnt:1 dest->refcnt:4 kernel: IPVS: Schedule fwd:M c:160.124.109.65:43098 v:192.168.1.1:8080 d:192.168.22.11:8080 conn->flags:140 conn->refcnt:2 kernel: IPVS: TCP input [S...] 192.168.22.11:8080->160.124.109.65:43098 state: NONE->SYN_RECV conn->refcnt:2 kernel: Enter: ip_vs_nat_xmit, net/netfilter/ipvs/ip_vs_xmit.c line 359 kernel: IPVS: After DNAT: TCP 160.124.109.65:43098->192.168.22.11:8080 kernel: Leave: ip_vs_nat_xmit, net/netfilter/ipvs/ip_vs_xmit.c line 411 kernel: IPVS: lookup/out TCP 192.168.22.11:8080->160.124.109.65:43098 hit kernel: IPVS: After SNAT: TCP 192.168.1.1:8080->160.124.109.65:43098 kernel: IPVS: lookup/in TCP 160.124.109.65:43098->192.168.1.1:8080 hit kernel: IPVS: TCP input [..A.] 192.168.22.11:8080->160.124.109.65:43098 state: SYN_RECV->ESTABLISHED conn->refcnt:2 kernel: Enter: ip_vs_nat_xmit, net/netfilter/ipvs/ip_vs_xmit.c line 359 kernel: IPVS: After DNAT: TCP 160.124.109.65:43098->192.168.22.11:8080 kernel: Leave: ip_vs_nat_xmit, net/netfilter/ipvs/ip_vs_xmit.c line 411 -- __Deon_______________________________________________ TruTeq Wireless (Pty) Ltd. Tel: +27 12 667 1530 http://www.truteq.co.za Fax: +27 12 667 1531 Timezone: SAST GMT+2 Copyright&Legal: http://truteq.co.za/legal_notice.pdf _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to lvs-users-requ...@linuxvirtualserver.org or go to http://lists.graemef.net/mailman/listinfo/lvs-users
