Analyze your connections with tcpdump and "netstat-nat -nD".
Note that the external net is 1.1.0.0/21.
Check that the connection from the backend to the client is not done
through an alternative route than the load balancer.
On Thu, Aug 28, 2014 at 4:04 PM, Jon Hoffart <jon.hoff...@medoraco.com>
wrote:
> I have two physical interfaces setup: eth0 and eth1
>
> eth0 is setup as 1.1.1.0/21
> this interface also has one virtual ip eth0:0 1.1.1.1/21
>
> eth1 is setup as 2.2.2.0/29 and has no virtual ip.
> this is programed as the Gateway in the backend server.
>
>
>
> On Aug 28, 2014, at 7:48 AM, Laura Garcia <nev...@gmail.com> wrote:
>
> > Hi Jon, your farm is perfectly configured with 1 backend. What about the
> network configuration you've set in your zlb?
> >
> >
> > On Thu, Aug 28, 2014 at 3:08 PM, Jon Hoffart <jon.hoff...@medoraco.com>
> wrote:
> > netstat -L provides a result of invalid option — ‘L’
> >
> > are you sure that the commands are netstat and not iptables. Iptables
> returns the following
> >
> >
> > iptables -L -t nat
> >
> > Chain PREROUTING (policy ACCEPT)
> > target prot opt source destination
> > DNAT tcp -- anywhere anywhere mark match
> 0x200 recent: SET name: _mail_0x200_sessions side: source /* FARM_mail_0_
> */ to:2.2.2.4
> >
> > Chain POSTROUTING (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> >
> >
> > iptables -L -t mangle
> >
> > Chain PREROUTING (policy ACCEPT)
> > target prot opt source destination
> > MARK tcp -- anywhere 1.1.1.1 statistic mode
> random probability 1.000000 multiport dports
> imap2,imaps,pop3,pop3s,smtp,ssmtp,submission,6099 /* FARM_mail_0_ */ MARK
> set 0x200
> > MARK tcp -- anywhere 1.1.1.1 recent: CHECK
> seconds: 120 name: _mail_0x200_sessions side: source multiport dports
> imap2,imaps,pop3,pop3s,smtp,ssmtp,submission,6099 /* FARM_mail_0_ */ MARK
> set 0x200
> >
> > Chain INPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain POSTROUTING (policy ACCEPT)
> > target prot opt source destination
> >
> >
> >
> >
> >
> > On Aug 28, 2014, at 2:05 AM, Laura Garcia <nev...@gmail.com> wrote:
> >
> > > Hi Jon, could you please to paste the output of the following commands?
> > >
> > > netstat -L -t nat
> > > netstat -L -t mangle
> > >
> > > Additionally, which version are you using?
> > >
> > > Regards
> > >
> > >
> > >
> > > On Wed, Aug 27, 2014 at 8:13 PM, Jon Hoffart <jon.hoff...@medoraco.com>
> wrote:
> > > Alright here is what I have setup
> > >
> > > 1 L4xNAT farm with ip of 1.1.1.1
> > > protocol type tcp
> > > nat type DNAT
> > > load balance algorithm Weight
> > > persistence mode IP persictence
> > >
> > > 3 backend servers on a separate subnet
> > > 2.2.2.1
> > > 2.2.2.2
> > > 2.2.2.3
> > >
> > > gateways on these are set to 2.2.2.4 which is a second interface on my
> load balancer.
> > >
> > > so something like this Client 1.1.1.100/21 —> ZEN 1.1.1.102/21 —>
> Server 2.2.2.1/29
> > >
> > >
> > > On Aug 27, 2014, at 10:22 AM, Gruber Alexander <
> alexander.gru...@az-druck.de> wrote:
> > >
> > > > Hi,
> > > >
> > > > we need a lite bit more information.
> > > >
> > > > Backendservers on a different network/sub network?Like this?
> > > >
> > > > Client --192.168.0.0/24 --> ZEN -- 192.168.1.0/24 --> Server
> > > >
> > > >> Am 27.08.2014 um 18:00 schrieb "Jon Hoffart" <
> jon.hoff...@medoraco.com>:
> > > >>
> > > >> Hello,
> > > >> I currently have a L4xNAT farm setup to balance my mail servers.
> I am trying to use DNAT so I can identify were traffic is coming from, as
> NAT shows all traffic coming from the load balancer and not its original
> source. My issue with DNAT is that when I set the farm to use it I am
> unable to send or receive mail. I also tried running a port scan on the
> farms IP with DNAT enabled and it doesn’t return any open ports. Any ideas
> on what my cause an issue like this?
> > > >>
> > > >> Yes my backend servers have their gateway set to that of the load
> balancer.
> > > >>
> > > >>
> > > >>
> > > >> This e-mail and any attachments may contain confidential material
> that may not be disclosed, copied or distributed. If you are not the
> intended recipient(s), please contact the sender and delete all copies.
> > > >>
> > > >>
> ------------------------------------------------------------------------------
> > > >> Slashdot TV.
> > > >> Video for Nerds. Stuff that matters.
> > > >> http://tv.slashdot.org/
> > > >> _______________________________________________
> > > >> Zenloadbalancer-support mailing list
> > > >> Zenloadbalancer-support@lists.sourceforge.net
> > > >>
> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
> > > >
> > > >
> ------------------------------------------------------------------------------
> > > > Slashdot TV.
> > > > Video for Nerds. Stuff that matters.
> > > > http://tv.slashdot.org/
> > > > _______________________________________________
> > > > Zenloadbalancer-support mailing list
> > > > Zenloadbalancer-support@lists.sourceforge.net
> > > > https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
> > >
> > >
> > > This e-mail and any attachments may contain confidential material that
> may not be disclosed, copied or distributed. If you are not the intended
> recipient(s), please contact the sender and delete all copies.
> > >
> > >
> ------------------------------------------------------------------------------
> > > Slashdot TV.
> > > Video for Nerds. Stuff that matters.
> > > http://tv.slashdot.org/
> > > _______________________________________________
> > > Zenloadbalancer-support mailing list
> > > Zenloadbalancer-support@lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
> > >
> > >
> ------------------------------------------------------------------------------
> > > Slashdot TV.
> > > Video for Nerds. Stuff that matters.
> > > http://tv.slashdot.org/_______________________________________________
> > > Zenloadbalancer-support mailing list
> > > Zenloadbalancer-support@lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
> >
> >
> > This e-mail and any attachments may contain confidential material that
> may not be disclosed, copied or distributed. If you are not the intended
> recipient(s), please contact the sender and delete all copies.
> >
> >
> ------------------------------------------------------------------------------
> > Slashdot TV.
> > Video for Nerds. Stuff that matters.
> > http://tv.slashdot.org/
> > _______________________________________________
> > Zenloadbalancer-support mailing list
> > Zenloadbalancer-support@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
> >
> >
> ------------------------------------------------------------------------------
> > Slashdot TV.
> > Video for Nerds. Stuff that matters.
> > http://tv.slashdot.org/_______________________________________________
> > Zenloadbalancer-support mailing list
> > Zenloadbalancer-support@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
>
>
> This e-mail and any attachments may contain confidential material that may
> not be disclosed, copied or distributed. If you are not the intended
> recipient(s), please contact the sender and delete all copies.
>
>
> ------------------------------------------------------------------------------
> Slashdot TV.
> Video for Nerds. Stuff that matters.
> http://tv.slashdot.org/
> _______________________________________________
> Zenloadbalancer-support mailing list
> Zenloadbalancer-support@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
>
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Zenloadbalancer-support mailing list
Zenloadbalancer-support@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
