SNAT Confusion

Janusz Krzysztofik jkrzyszt at tis.icnet.pl
Mon Mar 19 12:06:35 GMT 2007


Rodre Ghorashi-Zadeh wrote:
> In regards to my problem I still can't get the reply packets, once 
> SNAT-ed, sent to the realserver, and sent back to the director to be 
> accepted by the director and sent back to the client. I am thinking it 
> might have something to do with some of the /proc/sys/net/ipv4 
> params, anyone have any ideas? I am totally stumped.

Rod,

I assume you can see reply packets on your director incoming interface 
(with tcpdump or something like this). I would advise you to set up some 
iptables rules just for tracing your missing packets. You should be able 
to detect them in PREROUTING mangle, FORWARD mangle and filter, then 
POSTROUTING mangle. You could also check if they are seen by conntrack, 
just examine /proc/net/ip_conntrack for status of corresponding entries. 
If you suspect packets could be dropped by routing logic (rp_filter 
set?), try setting /proc/sys/net/ipv4/conf/<iif>/log_martians to 1, 
maybe you get some messages in your syslog. If you still get no results, 
please send some output you get, maybe I can help.

Cheers,
Janusz
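
The tracing steps suggested in the reply above, sketched as an added example that is not part of the original message: it prints one LOG rule per hook point named there, the log_martians setting, and reads kernel log lines to report the last hook that saw the packet. The realserver address 192.0.2.10, the interface eth1, the `TRACE-` log prefixes and the sample log line are constructed placeholders, and matching on the realserver's source address is an assumption.

```shell
#!/bin/sh
# Added example: trace rules for the hook points named in the reply.
# 192.0.2.10 (realserver) and eth1 (incoming interface) are assumed placeholders.

# The four table/chain pairs from the reply, in traversal order.
HOOKS="mangle:PREROUTING mangle:FORWARD filter:FORWARD mangle:POSTROUTING"

# Print iptables commands that insert (-I) or delete (-D) one LOG rule per
# hook for packets sourced from the realserver. Nothing is executed here;
# review the output, then pipe it to sh as root.
trace_rules() {  # usage: trace_rules -I|-D <realserver-ip>
    for h in $HOOKS; do
        t=${h%%:*}; c=${h##*:}
        echo "iptables -t $t $1 $c -s $2 -j LOG --log-prefix \"TRACE-$t-$c \""
    done
}

# Print the sysctl that enables martian logging on the incoming interface.
martian_cmd() {  # usage: martian_cmd <iif>
    echo "sysctl -w net.ipv4.conf.$1.log_martians=1"
}

# Read kernel log lines on stdin and print the last hook, in traversal
# order, that logged the packet: the point after which it disappeared.
last_hook_seen() {
    log=$(cat); last=none
    for h in $HOOKS; do
        t=${h%%:*}; c=${h##*:}
        if printf '%s\n' "$log" | grep -q "TRACE-$t-$c "; then
            last="$t/$c"
        else
            break
        fi
    done
    echo "$last"
}

# Constructed sample log line: the reply is logged in PREROUTING only.
SAMPLE='kernel: TRACE-mangle-PREROUTING IN=eth1 OUT= SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=80 DPT=40000'

trace_rules -I 192.0.2.10
martian_cmd eth1
printf '%s\n' "$SAMPLE" | last_hook_seen
```

Running `trace_rules -D` with the same address prints the matching delete commands for cleanup once the missing packets have been located.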
