[lvs-users] CentOS 4.7 (2.6.9-based) -- LVS-NAT return packets leaving via wrong interface

Joseph Mack NA3T jmack at wm7d.net
Thu Mar 12 01:27:08 GMT 2009

On Wed, 11 Mar 2009, Charles Duffy wrote:

> Howdy!
> I have a two-interface configuration on my director, where each
> interface is on a different subnet -- an internal interface with the
> realservers, and an external one with the VIPs. Using LVS-NAT, SYN
> packets are correctly routed by the director to an appropriate
> realserver and ACKs are appropriately routed back to the director from
> the realclient (via the default gateway) -- but when the director emits
> the demasqueraded ACK to be sent to the client, it does so on the
> internal interface rather than the external one,

This is supposed to work.

Things to look for would be

o you have an aftermarket enhanced version of LVS. Use a
standard kernel, not a CentOS kernel

o you have iptables rules running.

> I've tried to work around this using source routing, as follows:

This is not the solution.

