ipvs + source nat

trietz trietz at t-ipnet.net
Thu Oct 12 14:29:30 BST 2006


I'm very confused and can't find any solution for my problem. This list 
is my last hope.

I'm using LVS-NAT for simple rr load balancing between two sendmail 
servers. I set up a director with 3 NICs, one for the external 
connection (eth0) and the other two (eth1 and eth2) for connecting my 
realservers over crossover cables.
My director has two external IP addresses on the external interface.
This is the output from ip addr show:

1: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:30:05:45:8b:9d brd ff:ff:ff:ff:ff:ff
    inet x.x.x.122/27 brd x.x.x.127 scope global eth0
    inet x.x.x.123/27 brd x.x.x.127 scope global secondary eth0
2: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:30:05:3f:ab:e2 brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth1
3: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:d0:b7:25:8c:06 brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth2
4: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo

And this is the output from ipvsadm-save:

-A -t x.x.x.123:smtp -s rr
-a -t x.x.x.123:smtp -r -m -w 1
-a -t x.x.x.123:smtp -r -m -w 1
-A -t x.x.x.122:smtp -s rr
-a -t x.x.x.122:smtp -r -m -w 1
-A -t x.x.x.123:imaps -s rr
-a -t x.x.x.123:imaps -r -m -w 1

The packets initialized by the realservers are successfully SNATed with 
iptables on the director.
My problem: load balancing works fine, but I see a lot of the reply 
packets from the realserver leaving the director on interface eth0 with 
their internal IPs and

The command 'tcpdump -i eth0 -n net' shows this:

15:18:57.030848 IP > F 
3251166362:3251166362(0) ack 2859045522 win 5840
15:18:57.061016 IP > FP 
1094427615:1094427621(6) ack 855764034 win 1460 <nop,nop,timestamp 
64017492 418423715>

Any ideas?

Thanks in advance,

