[lvs-users] lvs-dr as real server + fwmark for each interface
Aseel Goro
aseel.goro at gmail.com
Fri Mar 23 13:23:57 GMT 2012
Hello all, I've googled, read and searched almost everywhere; hope you can help me.
Here is my network:
Router ( 192.168.0.1 ) gw for all
|
|--- real server2 ( eth0: 192.168.0.4)
|
Lvs-DR & real server1
( eth0: 192.168.0.2 )
( eth0:1 192.168.0.111 ) lvs
( eth1: 192.168.0.3 ) service nic
The service is Squid, I have no ARP problems, and real server2 is OK.
The router intercepts anything with destination port 80 (not from the Squids) and throws them to the DR IP, which has the 2 real servers in its list (the local NIC and the remote server). The DR iptables has
iptables -t mangle -A PREROUTING -p tcp --dport 80 -i eth0:1 -j MARK --set-mark 0x1
which works fine
iptables -t mangle -A PREROUTING -p tcp --dport 80 -i eth1 -j MARK --set-mark 0x2
Now the problem is in the NAT table.
Because I am using Squid, I must use DNAT or REDIRECT to accept the incoming packets.
If I do this
iptables -t nat -A PREROUTING -p tcp -m mark --mark 0x1 -j REDIRECT
all packets are processed locally and nothing goes to real server2.
If I leave it empty or use the 0x2 fwmark, real server2 works fine, but the local service does not. This is because when the DR processes the packet and tries to send it to the local NIC (it processes it locally), the iptables fwmark 0x65 will not work and hence the packet will not be redirected at the NAT table.
If I use the lo interface to mark it, all packets destined for both real servers will be processed locally.
Any ideas/theories/solutions are highly appreciated.
thanks
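The fwmark-per-ingress-interface plus NAT REDIRECT setup described in the post, written out as a small dry-run shell script. This is an added example, not code from the post or from the LVS project. It keeps the post's interface names, marks and VIP, but matches the VIP-bound traffic on the destination address (-d 192.168.0.111) rather than on the alias name, because netfilter only sees the physical device (eth0) and cannot match an eth0:1 alias with -i. The Squid listening port (3128) is an assumed value; by default the script only prints the commands so it can be reviewed before it is run on the director.

```shell
#!/bin/sh
# Added example (not from the original post): render the mangle/nat rule set
# for a director that is also a real server, one fwmark per ingress path.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them (needs root).

SQUID_PORT="${SQUID_PORT:-3128}"   # assumed Squid port; not stated in the post
VIP="192.168.0.111"                # the LVS virtual IP from the post
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Mangle table: mark port-80 traffic according to how it reached the box.
#  0x1 = arrived on eth0 for the VIP (traffic the director should balance)
#  0x2 = arrived on eth1, the local service NIC
mangle_rules() {
    run iptables -t mangle -A PREROUTING -p tcp --dport 80 -i eth0 -d "$VIP" -j MARK --set-mark 0x1
    run iptables -t mangle -A PREROUTING -p tcp --dport 80 -i eth1 -j MARK --set-mark 0x2
}

# NAT table: only the locally-served path (0x2) is redirected into Squid, so the
# 0x1 path stays untouched for IPVS to schedule to either real server.
nat_rules() {
    run iptables -t nat -A PREROUTING -p tcp -m mark --mark 0x2 -j REDIRECT --to-ports "$SQUID_PORT"
}

# Emit every rule as text regardless of DRY_RUN (used for review and testing).
render_rules() {
    ( DRY_RUN=1; mangle_rules; nat_rules )
}

# Diagnostics to run on the director: per-rule packet counters show which mark
# rule actually fires, and the IPVS stats show what reached each real server.
diag_commands() {
    run iptables -t mangle -L PREROUTING -v -n -x
    run iptables -t nat -L PREROUTING -v -n -x
    run ipvsadm -L -n --stats
}

render_rules
```

With DRY_RUN=0 the same functions apply the rules; comparing the counters from diag_commands before and after a test request is the quickest way to see whether a packet was marked 0x1 and handed to IPVS or marked 0x2 and redirected locally.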