Netfilter connection tracking support for IPVS

Graeme Fowler graeme at graemef.net
Sat Feb 24 14:58:50 GMT 2007 

Hi all

On Sat, 2007-02-24 at 15:37 +0100, Nicklas Bondesson wrote:
> The real problem is that no matter what VIP the client is accessing they
> always get the same ip source address. This is what I'm trying to solve.

<blink>

I just re-read the entire thread and I'm now more confused than I was at
the start.

Nicklas, what you seem to be saying is that regardless of the VIP the
client connects to, they get a response from a different IP which never
varies, right?

Forgive me for stating the obvious - that's just broken. Every time (bar
one, which got fixed by fixing the FTP helper) I have setup LVS-NAT with
multiple VIPs, I haven't needed any conntrack stuff for LVS at all. The
very fact that there are multiple VIPs means that (as long as the IPVS
framework is working correctly) the responses from realserver->client
have been caught and un-NATted by LVS. No need for netfilter at all.

In the "raw", unpatched state, do you have LVS debugging enabled? It
might be worth you unpicking the nfct patch and turning on plain ole'
LVS debugging.

Graeme

Search lvs-users Archives
Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
More information about the lvs-users mailing list