[lvs-users] LVS-NAT only works when tcpdump runs on director
ddvlad at rosedu.org
Thu Apr 8 17:54:59 BST 2010
I am just getting the hang of LVS and am using a virtual machine
(OpenVZ-based) setup for this purpose. I have run into a very strage
problem while testing: the client can only connect to a RS if tcpdump
runs on the director.
My setup involves 4 virtual machines, one simulating the client and 3
real servers. The host node acts as a director.
The three real servers are connected to a bridge, br0, in 10.0.0.0/8
network. Thus, RIP=10.0.0.x. The client is in network 192.168.0.0/24,
with CIP=192.168.0.50 and VIP=192.168.0.50. The host has a masquerade
rule for the RIPs.
Now, all the machines communicate properly, questions 1-3 from  are
all right -- I'm not very savvy at reading tcpdump output, so I'm not
sure about the fourth. Problem is, while testing, I've noticed that if I
run a tcpdump, for instance
tcpdump -i any -ln host 192.168.0.50
on the director, wget just works, repeatedly (hence, on different real
servers). Otherwise, if tcpdump is not running on the director, client
receives 'Connection refused' on VIP. If tcpdump is running on a RS, I
invariably get 'Connection refused' (I've tried multiple times, to
account for scheduling.
Here is the configuration on the director, though I suspect that, given
the symptoms, I could not have messed it up.
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP srisp-lab.local:www rr
-> realserver3:www Masq 1 0 0
-> realserver2:www Masq 1 0 0
-> realserver1:www Masq 1 0 0
Has anyone encountered a similar issue? Am I somehow missing the obvious?
Thanks in advance,
More information about the lvs-users