[lvs-users] CentOS 4.7 (2.6.9-based) -- LVS-NAT return packets leaving via wrong interface

Charles Duffy charles at dyfis.net
Thu Mar 12 00:14:51 GMT 2009


I have a two-interface configuration on my director, where each 
interface is on a different subnet -- an internal interface with the 
realservers, and an external one with the VIPs. Using LVS-NAT, SYN 
packets are correctly routed by the director to an appropriate 
realserver and ACKs are appropriately routed back to the director from 
the realclient (via the default gateway) -- but when the director emits 
the demasqueraded ACK to be sent to the client, it does so on the 
internal interface rather than the external one, and the router between 
the two (which I don't control) is disinclined to forward it.

I've tried to work around this using source routing, as follows:

# ip rule show
0:      from all lookup local
32764:  from <INTERNAL_NET> lookup int
32765:  from <EXTERNAL_NET> lookup ext
32766:  from all lookup main
32767:  from all lookup default
# ip route show table ext
<EXTERNAL_NET> dev eth1  scope link
default via <EXTERNAL_GW> dev eth1
# ip route show table int
<INTERNAL_NET> dev eth0  scope link
default via <INTERNAL_GW> dev eth0

As the demasqueraded packets have a source address on <EXTERNAL_NET>, I 
would expect them to leave on eth1 via <EXTERNAL_GW>. However, this does 
not happen -- the demasqueraded packet attempts to leave via eth0, and 
thus never reaches its destination.

Any hints?
