LVS-NAT connect to real server on single network NAT

Ben Wilder ben.wilder at
Tue Oct 17 11:59:42 BST 2006

Hi all 

Another problem if I may, relating to LVS-NAT (Single network)

OS is Fedora Core 5 - kernel 2.6.15-1.2054_FC5. ipvsadm version: 1.2.1

Network looks like the following (I am testing with one real server at the

[CIP] --> [eth0:1 VIP] (Director)[eth0 DIP] --> [eth0 RIP]

I have set things up in the following way (all machines are located on the
same switch at the moment)


Change net.ipv4.ip_forward = 1 in /etc/sysctl.conf
Run: service iptables start
Run: iptables -Z
Run: iptables -F

Run: ipvsadm -A -t -s wlc
Run: ipvsadm -a -t -r -m

Run: echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
Run: echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
Run: echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects

Real server:
Run: route del -net netmask dev eth0


When I attempt to retrieve a web page from the virtual IP, everything works
fine. However, as mentioned in the
ne_network) I should be able to connect directly to the services on the real
servers that are not being balanced by LVS. This is the problem! Once I have
removed that route, I cannot connect directly to the real
servers for ssh / sftp etc. In this example I am attempting to connect from
[CIP] to [RIP] with ssh.

Tcpdump on [RIP] using: tcpdump host shows nothing
as I attempt to ssh in.

Should I be modifying the routing table to allow a 192.168.0.x client to
connect directly to the real server? If so, how?

I have another NIC on the real server if that helps.

Any thoughts anyone?

Thanks in advance,

