[lvs-users] ipvsadm is not forwarding connections

Dennis Jacobfeuerborn dennisml at conversis.de
Mon Jun 23 15:20:57 BST 2014


On 23.06.2014 11:57, Anders Henke wrote:
> On 18.06.2014, Stephen Carville wrote:
>> I set up a CentOS 6.5 box to test ipvsadm. So far I have been unable to
>> get it to forward connections. When I try to connect, it doesn't write
>> anything in /var/log/messages to tell me what is happening. Netstat
>> doesn't see anything listening on the interface IP (I read elsewhere
>> that is normal) and tshark sees the incoming SYN but there is either a
>> timeout or a RST.
>>
>> Rules right now:
>>
>> $ ipvsadm -L
>>
>> IP Virtual Server version 1.2.1 (size=4096)
>> Prot LocalAddress:Port Scheduler Flags
>>   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
>> TCP  10.212.160.40:4172 lc persistent 360
>>   -> 10.212.170.162:4172          Route   1      0          0
>>   -> 10.212.170.163:4172          Route   1      0          0
>>
>> IP forwarding is turned on:
>>
>> $ sysctl net.ipv4.ip_forward
>> net.ipv4.ip_forward = 1
> 
> Short answer: switch to kernel 3.6 or newer, turn off rp_filter for the interface receiving the reply packet, and replace rp_filter functionality by more accurate and flexible iptables rules in the FORWARD chain.

Since he is running CentOS 6.5 he can simply set
/proc/sys/net/ipv4/conf/<interface>/accept_local to 1 to prevent packets
from being dropped as martians. This was introduced in 2.6.33 but
backported to recent RHEL/CentOS kernels so no need to go to 3.6 or newer.
You still have to set the rp_filter though since this is a different
issue than the martian packet one.

Regards,
  Dennis
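
An added example, not part of the original post or the thread: a shell check for the two settings discussed above, rp_filter and accept_local, on a given interface. The kernel takes the maximum of conf/all and conf/<interface> for rp_filter and enables accept_local if either is set, so clearing only the per-interface rp_filter may change nothing. CONF_ROOT and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: report the effective rp_filter and accept_local values for
# one interface. CONF_ROOT is an assumption of this example so the check can
# run against a constructed directory tree as well as the live /proc.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Read one setting; print 0 if the file is missing (e.g. kernel without it).
read_conf() {
    f="$CONF_ROOT/$1/$2"
    if [ -r "$f" ]; then cat "$f"; else echo 0; fi
}

# rp_filter: the kernel uses the maximum of conf/all and conf/<iface>.
effective_rp_filter() {
    a=$(read_conf all rp_filter); i=$(read_conf "$1" rp_filter)
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# accept_local: enabled if either conf/all or conf/<iface> is non-zero.
effective_accept_local() {
    a=$(read_conf all accept_local); i=$(read_conf "$1" accept_local)
    if [ "$a" -ne 0 ] || [ "$i" -ne 0 ]; then echo 1; else echo 0; fi
}

# One summary line: "<iface> rp_filter=<n> accept_local=<n> <issues|ok>"
audit_iface() {
    rp=$(effective_rp_filter "$1"); al=$(effective_accept_local "$1")
    issues=""
    if [ "$rp" -ne 0 ]; then issues="rp_filter-on"; fi
    if [ "$al" -eq 0 ]; then issues="${issues:+$issues,}accept_local-off"; fi
    echo "$1 rp_filter=$rp accept_local=$al ${issues:-ok}"
}

# Stand-alone use: pass the interface name as the first argument.
if [ "$#" -gt 0 ]; then audit_iface "$1"; fi
```

Run it on the director with the name of the interface that receives the packets in question as its argument.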
