[lvs-users] IPVS with SNAT support on the kernel 2.6.36 + iptables v1.4.10
Julian Anastasov
ja at ssi.bg
Fri Mar 4 18:15:45 GMT 2011
Hello,
On Fri, 4 Mar 2011, Ivan Havlicek wrote:
>> Also, try to increase the IPVS debug level at least to
>> 10, so that we can see such messages:
>> IP_VS_DBG_PKT(10, AF_INET, pp, skb, 0, "After DNAT");
>
> I'm afraid that this part of code is never reached !
I now remember that IP_VS_DBG_PKT uses these
new pr_debug macros, so you can enable the debugging by
adding

#define DEBUG

as the first line in net/netfilter/ipvs/ip_vs_proto.c,
then recompile and we can see how the packets look.
We must be sure that the right traffic reaches LOCAL_OUT.
> Mar 4 16:52:58 srv1 kernel: IPVS: TCP input [S...]
> 10.1.12.11:389->192.168.2.111:45792 state: NONE->SYN_RECV
> conn->refcnt:2
> Mar 4 16:52:58 srv1 kernel: IPVS: Enter: ip_vs_nat_xmit,
> net/netfilter/ipvs/ip_vs_xmit.c line 394
> Mar 4 16:52:58 srv1 kernel: IPVS: Leave: ip_vs_nat_xmit,
> net/netfilter/ipvs/ip_vs_xmit.c line 448
Line 448 means LeaveFunction(10) after IP_VS_XMIT
is called, packet is provided to LOCAL_OUT. That means
some packets are DNAT-ed properly by IPVS. If you add
#define DEBUG we can see exactly the IP addresses. But
I assume you do not have other traffic.
>> As the server 2 is working, do you have any iptables
>> rules in OUTPUT hook on server 1?
>
> No, I've any other iptables rules... (policy ACCEPT by default)
So, IPVS sends traffic to LOCAL_OUT but it does not
reach POST_ROUTING... And we know that 2.6.36 does not
hook at POST_ROUTING... Can you also add LOG rules in OUTPUT
hook, so that we can see the traffic there.
Regards
--
Julian Anastasov <ja at ssi.bg>
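
One way to set up the LOG rules asked for above, as an added example that is not part of the original message: it prints LOG rules for the OUTPUT and POSTROUTING hooks and counts the logged packets per hook, so the point where the traffic disappears is visible. TCP port 389 is taken from the quoted IPVS log; the "ipvs-" log prefixes, the choice of tables and both function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Prints iptables commands only; nothing changes until the
# output is reviewed and piped to a root shell.
# Assumptions: TCP port 389 (seen in the quoted IPVS log), the "ipvs-" log
# prefixes and both function names are chosen here for illustration.

HOOKS="raw:OUTPUT mangle:OUTPUT filter:OUTPUT mangle:POSTROUTING"

# Print one LOG rule per table/chain pair. $1 is -I (insert) or -D (delete).
# The nat table is skipped: it only sees the first packet of a connection.
ipvs_trace_rules() {
    action=${1:--I}
    port=${2:-389}
    for hook in $HOOKS; do
        table=${hook%%:*}
        chain=${hook##*:}
        printf 'iptables -t %s %s %s -p tcp --dport %s -j LOG --log-prefix "ipvs-%s-%s: " --log-level debug\n' \
            "$table" "$action" "$chain" "$port" "$table" "$chain"
    done
}

# Count logged packets per hook in a syslog file ($1). The first hook that
# shows 0 while earlier ones are non-zero is where the packets disappear.
ipvs_trace_summary() {
    for hook in $HOOKS; do
        tag=$(printf '%s' "$hook" | tr ':' '-')
        printf '%s %s\n' "$tag" "$(grep -c "ipvs-$tag: " "$1")"
    done
}
```

Pipe the output of `ipvs_trace_rules` to a root shell, reproduce the connection, then run `ipvs_trace_summary` on the kernel log file. `ipvs_trace_rules -D` prints the matching delete commands.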