Howdy! I have a two-interface configuration on my director, where each interface is on a different subnet -- an internal interface with the realservers, and an external one with the VIPs. Using LVS-NAT, SYN packets are correctly routed by the director to an appropriate realserver and ACKs are appropriately routed back to the director from the realclient (via the default gateway) -- but when the director emits the demasqueraded ACK to be sent to the client, it does so on the internal interface rather than the external one, and the router between the two (which I don't control) is disinclined to forward it.
I've tried to work around this using source routing, as follows:

    # ip rule show
    0:      from all lookup local
    32764:  from <INTERNAL_NET> lookup int
    32765:  from <EXTERNAL_NET> lookup ext
    32766:  from all lookup main
    32767:  from all lookup default

    # ip route show table ext
    <EXTERNAL_NET> dev eth1 scope link
    default via <EXTERNAL_GW> dev eth1

    # ip route show table int
    <INTERNAL_NET> dev eth0 scope link
    default via <INTERNAL_GW> dev eth0

As the demasqueraded packets have a source address on <EXTERNAL_NET>, I would expect them to leave on eth1 via <EXTERNAL_GW>. However, this does not happen -- the demasqueraded packet attempts to leave via eth0, and thus never reaches its destination.

Any hints?
