DNAT, LVS and MTU
cb at digitalbrain.com
Fri May 31 17:21:53 BST 2002
"mack at linux-vs.org" <mack at cheetah.linux-vs.org> writes:
> On 31 May 2002, Chris Beauchamp wrote:
> > The strange thing is, that it works fine going directly to the VIP
> > (just Masquerading outwards), and, perhaps more interestingly, if
> > there is a DNAT rule direct to Squid, it works also! Which implies
> > that its an interaction between LVS and DNAT.
> Other people on the list will know more about this than I do,
> but if you have the DNAT running on the director, you have to
> remember that LVS has an uneasy relationship with netfilter.
> It would have been nice to write LVS as a netfilter module,
> but it just couldn't be done. The result is that LVS is
> incompatible with some netfilter commands.
Aye, I saw a few previous emails and pages about that, however we're
not running DNAT on the director - the LVS stuff is colocated, the
DNAT is on our office firewall at the other end of a couple of *DSL
We've actually managed to get it working - the MTU on the office
firewall machine was set to 1450, as opposed to 1500, due to an
historical issue with the PPP protocal somewhere in the DSL
infrastructure, which as apparantly been cured, since setting it back
to 1500 appears to fix everything (and not break anything, fingers
However, I'd still like to know if anyone has any idea why at some
times it worked fine, and at others it didn't... sounds increasingly
like a question for the netfilter list as well...
More information about the lvs-users