[lvs-users] LVS-NAT only works when tcpdump runs on director

Vlad Dogaru ddvlad at rosedu.org
Thu Apr 8 17:54:59 BST 2010

Hello, everyone,

I am just getting the hang of LVS and am using a virtual machine
(OpenVZ-based) setup for this purpose. I have run into a very strange
problem while testing: the client can only connect to a RS if tcpdump
runs on the director.

My setup involves 4 virtual machines, one simulating the client and 3
real servers. The host node acts as a director.

The three real servers are connected to a bridge, br0, in
network. Thus, RIP=10.0.0.x. The client is in network,
with CIP= and VIP= The host has a masquerade
rule for the RIPs.

Now, all the machines communicate properly, questions 1-3 from [1] are
all right -- I'm not very savvy at reading tcpdump output, so I'm not
sure about the fourth. Problem is, while testing, I've noticed that if I
run a tcpdump, for instance
	tcpdump -i any -ln host
on the director, wget just works, repeatedly (hence, on different real
servers). Otherwise, if tcpdump is not running on the director, client
receives 'Connection refused' on VIP. If tcpdump is running on a RS, I
invariably get 'Connection refused' (I've tried multiple times, to
account for scheduling).

Here is the configuration on the director, though I suspect that, given
the symptoms, I could not have messed it up.

srisp-lab:~# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  srisp-lab.local:www rr
  -> realserver3:www              Masq    1      0          0
  -> realserver2:www              Masq    1      0          0
  -> realserver1:www              Masq    1      0          0


Has anyone encountered a similar issue? Am I somehow missing the obvious?

Thanks in advance,

