Thanks for your reply When the real server anwers to the client through the IPVS, the packet is 'un-NATed' and arrives to the client with the public IP as source.
If i use direct routing, the IPVS redirects the packet without NAT so the services need to listen on the public IP, on the real server ? Real server tcpdump in gate mode : 17:30:25.934418 IP <CLIENT_IP>.60719 > <PUB_IP>.25: S 1495274318:1495274318(0) win 8192 <mss 1460,nop,nop,sackOK> 17:30:25.934423 IP <CLIENT_IP>.60719 > <PUB_IP>.25: S 1495274318:1495274318(0) win 8192 <mss 1460,nop,nop,sackOK> 17:30:25.934467 IP <CLIENT_IP>.60719 > <PUB_IP>.25: S 1495274318:1495274318(0) win 8192 <mss 1460,nop,nop,sackOK> 17:30:25.934471 IP <CLIENT_IP>.60719 > <PUB_IP>.25: S 1495274318:1495274318(0) win 8192 <mss 1460,nop,nop,sackOK> 17:30:25.934516 IP <CLIENT_IP>.60719 > <PUB_IP>.25: S 1495274318:1495274318(0) win 8192 <mss 1460,nop,nop,sackOK> 17:30:25.934538 IP 10.254.0.100 > <CLIENT_IP>: ICMP time exceeded in-transit, length 56 No service listening on this IP, no connection established, normal. There is something i missed 2011/4/13 David Coulson <[email protected]>: > On 4/13/11 10:45 AM, Romain Meillon wrote: >> >> 16:31:55.428339 IP<CLIENT_IP>.59856> 10.254.0.100.25: S >> 4217040225:4217040225(0) win 8192<mss 1460,nop,nop,sackOK> >> 16:31:55.428402 IP 10.254.0.100.25> <CLIENT_IP>.59856: S >> 2200826876:2200826876(0) ack 4217040226 win 5840<mss >> 1460,nop,nop,sackOK> >> 16:31:55.474609 IP<CLIENT_IP>.59856> 10.254.0.100.25: . ack 1 win 64240 >> 16:31:55.505497 IP 10.254.0.100.25> <CLIENT_IP>.59856: P 1:49(48) ack >> 1 win 5840 >> 16:31:58.505138 IP 10.254.0.100.25> <CLIENT_IP>.59856: P 1:49(48) ack >> 1 win 5840 >> >> if someone can enlighten me i would be enjoyed :) > > When you use Masq the response has to route back through the IPVS server to > 'un-NAT' the packet. You may be better off using direct/gateway routing, > which handles this type of asymmetric routing. > > David > -- Romain _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
