Ideally, the IPVS should be the default gateway for the real servers, like a router in outbound and yes, the client and the IPVS are on different networks, real server is in a LAN directly plugged to the IPVS (xen virtual switch, all nodes are VM).

I tried to disable the TCP checksum offload but the issue is the same in NAT mode. In DR mode, the connection is established only if I don't use the IPVS as default gateway, but now I have the same result as NAT... Perhaps the issue is external from IPVS, but I was unable to find where.. still searching.

Regards,

2011/4/13 David Coulson <[email protected]>:
>
>
> On 4/13/11 1:29 PM, Romain Meillon wrote:
>>
>> All tables are in ACCEPT policy on both IPVS and real server until
>> I've done a correct configuration.
>>
>> so, as you advised, I've done this on the real server (and tried many
>> different things):
>>
>> iptables -t nat -A PREROUTING -p tcp -d <PUB_IP> -j REDIRECT
>
> You don't need that.
>>
>> ifconfig lo:0 <PUB_IP> netmask 255.255.255.255 broadcast <PUB_IP> up
>>
>> echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
>> echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
>> echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
>> echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
>>
>> This on IPVS
>>
>> /sbin/ipvsadm -A -t <PUB_IP>:80 -s rr
>> /sbin/ipvsadm -a -t <PUB_IP>:80 -r 10.254.0.100:80 -g -w 1
>>
>> /sbin/ipvsadm -A -t <PUB_IP>:25 -s rr
>> /sbin/ipvsadm -a -t <PUB_IP>:25 -r 10.254.0.100:25 -g -w 1
>>
>> and to have internet connectivity on the real server through the IPVS
>> (perhaps I shouldn't?):
>> iptables -t nat -A POSTROUTING -s 10.254.0.100/24 -j MASQUERADE
>
> Is the IPVS system your network default gateway? If not, you don't need
> that.
>>
>> The connection cannot be established from the client, no packets are
>> back from the IPVS...
>>
>> Here is the tcpdump on the IPVS, it seems that packets go back to the
>> client!:
>>
>> 19:14:37.720321 IP <CLIENT_IP>.62096 > <PUB_IP>.25: Flags [S], seq
>> 1997275050, win 8192, options [mss 1460,nop,nop,sackOK], length 0
>> 19:14:37.720684 IP <PUB_IP>.25 > <CLIENT_IP>62096: Flags [S.], seq
>> 677256198, ack 1997275051, win 5840, options [mss
>> 1460,nop,nop,sackOK], length 0
>
> Why is the syn ack seen at all on the IPVS host? It should go direct from
> the real server to your network default gateway, then to client. Client IP
> in this case is on a different network to both public IP and real server IP?
>
> Have you tested from a client system on the local network?
>

--
Romain Meillon
Technical Manager
ServiTICs
91 rue de Bucarest
13300 Salon de Provence
[email protected]

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - [email protected]
Send requests to [email protected]
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
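
An added example, not part of the thread: the question quoted above, why the SYN-ACK is visible on the IPVS host at all, can be checked mechanically against a `tcpdump -n` capture taken on the director. The VIP, the client addresses and the sample lines are constructed (documentation ranges), and the function names are hypothetical.

```python
import re

# One line of `tcpdump -n` TCP output:
# "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def parse(line):
    """Return a dict for one TCP line, or None if the line does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    pkt = m.groupdict()
    pkt["sport"], pkt["dport"] = int(pkt["sport"]), int(pkt["dport"])
    return pkt

def replies_seen_on_director(lines, vip):
    """List (client, client_port, service_port) for every handshake whose
    SYN-ACK, sourced from the VIP, shows up in the director's capture."""
    pending = set()  # (client, cport, vport) for SYNs sent to the VIP
    seen = []
    for pkt in filter(None, map(parse, lines)):
        if pkt["flags"] == "S" and pkt["dst"] == vip:
            pending.add((pkt["src"], pkt["sport"], pkt["dport"]))
        elif pkt["flags"] == "S." and pkt["src"] == vip:
            key = (pkt["dst"], pkt["dport"], pkt["sport"])
            if key in pending:  # reply matches a SYN we saw earlier
                pending.discard(key)
                seen.append(key)
    return seen

# Constructed capture (documentation addresses, not taken from the thread).
VIP = "203.0.113.10"
SAMPLE = """\
19:14:37.720321 IP 198.51.100.7.62096 > 203.0.113.10.25: Flags [S], seq 1997275050, win 8192, options [mss 1460,nop,nop,sackOK], length 0
19:14:37.720684 IP 203.0.113.10.25 > 198.51.100.7.62096: Flags [S.], seq 677256198, ack 1997275051, win 5840, options [mss 1460,nop,nop,sackOK], length 0
19:14:40.101200 IP 198.51.100.8.40112 > 203.0.113.10.80: Flags [S], seq 1, win 8192, length 0
""".splitlines()

if __name__ == "__main__":
    for client, cport, vport in replies_seen_on_director(SAMPLE, VIP):
        print(f"SYN-ACK from {VIP}:{vport} to {client}:{cport} crossed the director")
```

An empty result for a direct-routing service means the real server's replies are not passing through the director; any entry means the return path runs through it, which is the situation the quoted question points at.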
