Re: [lvs-users] Strange error (bug?) with source NAT

Thu, 10 Dec 2015 05:25:48 -0800 

Am Donnerstag, 10. Dezember 2015, 14:01:33 schrieb Michael Schwartzkopff:
> Hi,
> 
> For a test I set up  a LVS that should balance a telnet service inside a
> LAN.
> 
> So the client IP ist 192.168.0.1
> the virtual IP is 192.168.0.2
> 
> and the real servers IPs are 192.168.0.3 and 4.
> 
> I prepared my loadbalancer:
> echo "1" > /proc/sys/net/ip4/ip_forward
> echo "1" > /proc/sys/net/ipv4/vs/conntrack
> 
> and added:
> 
> iptables -t nat -I POSTROUTING -p tcp -s 192.168.0.0/24 -d 192.168.0.3 \
>   --destination-port=23 -j MASQUERADE
> iptables -t nat -I POSTROUTING -p tcp -s 192.168.0.0/24 -d 192.168.0.4 \
>   --destination-port=23 -j MASQUERADE
> 
> the ipvs config is:
> 
> ipvsadm -A -t 192.168.0.2:23 -s rr
> ipvsadm -a -t 192.168.0.2:23 -r 192.168.0.3:23 -m -w 1
> ipvsadm -a -t 192.168.0.2:23 -r 192.168.0.4:23 -m -w 1
> 
> Now a strange thing happens. A telnet fron the client does NOT work
> 
> # telnet 192.168.0.2
> 
> UNTIL I start tcpdump on the loadbalacer. When I watch the traffic
> everything works. I do not watch, telnet fails. The behavoiur is absolutely
> reproducable.
> 
> Oh, the interface of my loadbalancer ist a bridge br0 over the single
> interface eth0.
> 
> Did anybody implement some quantum computing in the ipvs module?
> Anybody has a explanation for that behaviour?

Solved: When I remove the bridge and use the plain eth0 interface everything 
works as expected.

Any idea why the bridged setup only works when watching?

Mit freundlichen Grüßen,

Michael Schwartzkopff

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-requ...@linuxvirtualserver.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

Reply via email to