SNAT / Masquerading problems using LVS-NAT

Rudd, Michael Michael.Rudd at tekelec.com
Mon Mar 19 13:09:32 GMT 2007


My current setup has 1 director and 2 servers behind it. Here's the dump
from ipvsadm.
 
[root@jackets-a sysconfig]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
UDP  192.168.67.213:domain rr ops
  -> dnsa-c:domain                Masq    1      0          110935    
  -> dnsa-d:domain                Masq    1      0          110934    
[root@jackets-a sysconfig]#

LVS is working the way it should except return packets are not the
correct source IP address. They should be from 192.168.67.213 which is
the address of the service. Instead they are the address of the real
server. This worked in kernel 2.4 when I tested it 2 months ago. Now it's
broken in my 2.6.18 kernel.
 
Here's also a dump from ip addr. We are doing our DNS traffic based on
bond1.201.
...
8: bond0: <BROADCAST,MULTICAST,MASTER,UP,10000> mtu 1500 qdisc noqueue 
    link/ether 00:04:23:c5:63:fc brd ff:ff:ff:ff:ff:ff
9: bond1: <BROADCAST,MULTICAST,MASTER,UP,10000> mtu 1500 qdisc noqueue 
    link/ether 00:04:23:c5:63:fd brd ff:ff:ff:ff:ff:ff
10: bond2: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop 
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
11: bond3: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop 
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
12: bond0.200@bond0: <BROADCAST,MULTICAST,MASTER,UP,10000> mtu 1500 qdisc noqueue
    link/ether 00:04:23:c5:63:fc brd ff:ff:ff:ff:ff:ff
    inet 192.168.66.214/24 brd 192.168.66.255 scope global bond0.200
    inet 192.168.66.244/24 brd 192.168.66.255 scope global secondary bond0.200
13: bond0.202@bond0: <BROADCAST,MULTICAST,MASTER,UP,10000> mtu 1500 qdisc noqueue
    link/ether 00:04:23:c5:63:fc brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.104/24 brd 192.168.2.255 scope global bond0.202
    inet 192.168.2.101/24 brd 192.168.2.255 scope global secondary bond0.202
14: bond1.201@bond1: <BROADCAST,MULTICAST,MASTER,UP,10000> mtu 1500 qdisc noqueue
    link/ether 00:04:23:c5:63:fd brd ff:ff:ff:ff:ff:ff
    inet 192.168.67.214/24 brd 192.168.67.255 scope global bond1.201
    inet 192.168.67.213/24 brd 192.168.67.255 scope global secondary bond1.201
[root@jackets-a sysconfig]#
 
I've tried the ip_route_me_harder patch I found here
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html#brownfield
but it doesn't appear to work correctly, at least for me. Anybody
got any clues as to what broke in 2.6 for this?
 
Thanks
Mike
