Cannot get ipvs fwmark service to work

Joseph Mack NA3T jmack at
Mon Oct 9 14:34:03 BST 2006

On Mon, 9 Oct 2006, Mindaugas wrote:

>>  ipvsadm -Sn shows:
>> -A -f 1 -s wlc -p 10
>> -a -f 1 -r -m -w 1
> Reread documentation and found myself. The problem was that LVS handles 
> packets on LOCAL_IN and my passing packets did not get there. Now I made 
> those packets as local using "ip rule add prio 1000 fwmark 1 table 100;ip 
> route add local 0/0 table 100 dev lo" and LVS started to handle them.

I'm not sure what's causing the problem. Your solution is 
ingenious, but not needed. In the HOWTO the mangle table is 
used, but I don't know if this is what you're missing.

> Now little question. I changed setup above to:
> -A -f 1 -s wlc -p 10
> -a -f 1 -r -m -w 1
> But packets are still redirected to Is it possible to 
> redirect them to port 3128 or I have to reconfigure Squid or add REDIRECT to 
> port 3128 rule on realservers?

read section 16.2.1 in the HOWTO. If you want to translate 
the ports, you'll have to do it before you mark them.


Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at
Homepage It's GNU/Linux!

More information about the lvs-users mailing list