[lvs-users] FTP data port connection not closing?

Owain Jones Owain at 4ColourDigital.com
Tue Aug 29 10:17:04 BST 2017


The packets seem to be dying at the router, as I can see the packets 
being received on the director and the response packets being sent from 
the real server.

One thing I'm thinking of, that I failed to mention earlier, is that the 
router does NAT. I've placed the VIP in the DMZ, so the director should 
be receiving all external packets directly. But the actual machines 
themselves are in the router's LAN and being NAT'ed.

As I'm using LVS-DR, then the only thing that should be being changed in 
the incoming packet is the MAC address, yes? But then, when the real 
server responds, it'll have a different MAC address to the incoming 
packet because it's actually a physically different machine.

So my thought is, could this MAC address mismatch be possibly confusing 
the router's NATting?

I guess I could test it by rewriting the MAC address on outgoing packets 
from the real server to have the MAC of the director, so that, from the 
router's perspective, the LVS is entirely transparent.

Though surely, that said, the source MAC address on outgoing packets 
shouldn't really matter, I'd have thought.

