Hello,

On Fri, 4 Mar 2011, Ivan Havlicek wrote:

       Also, try to increase the IPVS debug level at least to
10, so that we can see such messages:
IP_VS_DBG_PKT(10, AF_INET, pp, skb, 0, "After DNAT");

I'm afraid that this part of code is never reached !

        I now remember that IP_VS_DBG_PKT uses these
new pr_debug macros, so you can enable the debugging by
adding
#define DEBUG
as the first line in net/netfilter/ipvs/ip_vs_proto.c

        then recompile and we can see how the packets look.
We must be sure that the right traffic reaches LOCAL_OUT.

Mar  4 16:52:58 srv1 kernel: IPVS: TCP input  [S...] 10.1.12.11:389->192.168.2.111:45792 state: NONE->SYN_RECV conn->refcnt:2
Mar  4 16:52:58 srv1 kernel: IPVS: Enter: ip_vs_nat_xmit, net/netfilter/ipvs/ip_vs_xmit.c line 394
Mar  4 16:52:58 srv1 kernel: IPVS: Leave: ip_vs_nat_xmit, net/netfilter/ipvs/ip_vs_xmit.c line 448

        Line 448 means LeaveFunction(10) after IP_VS_XMIT
is called, packet is provided to LOCAL_OUT. That means
some packets are DNAT-ed properly by IPVS. If you add
#define DEBUG we can see exactly the IP addresses. But
I assume you do not have other traffic.

       As the server 2 is working, do you have any iptables
rules in OUTPUT hook on server 1?

No, I'v any other iptables rules... (policy ACCEPT by default)

        So, IPVS sends traffic to LOCAL_OUT but it does not
reach POST_ROUTING... And we know that 2.6.36 does not
hook at POST_ROUTING... Can you also add LOG rules in OUTPUT
hook, so that we can see the traffic there.

Regards

--
Julian Anastasov <[email protected]>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - [email protected]
Send requests to [email protected]
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
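Added example, not part of the original message or of the IPVS code: once LOG rules are in place, the kernel log can be correlated to see which flows pass the OUTPUT hook but never show up at POSTROUTING. The log prefixes, the two iptables rules in the comment, and all sample log lines are assumptions constructed for this illustration.

```python
import re
from collections import defaultdict

# Assumed LOG rules (hypothetical prefixes, not taken from the thread):
#   iptables -I OUTPUT -p tcp -j LOG --log-prefix "ipvs-OUTPUT: "
#   iptables -t mangle -I POSTROUTING -p tcp -j LOG --log-prefix "ipvs-POSTROUTING: "
LOG_RE = re.compile(
    r"ipvs-(?P<hook>OUTPUT|POSTROUTING): .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+)"
    r".*?PROTO=TCP SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)")
XMIT_RE = re.compile(r"IPVS: Leave: ip_vs_nat_xmit")

# Constructed sample: abbreviated LOG lines, documentation addresses only.
SAMPLE = """\
Mar  4 16:52:58 lb kernel: IPVS: Leave: ip_vs_nat_xmit, net/netfilter/ipvs/ip_vs_xmit.c line 448
Mar  4 16:52:58 lb kernel: ipvs-OUTPUT: IN= OUT=eth0 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=64 PROTO=TCP SPT=40001 DPT=389 SYN
Mar  4 16:52:59 lb kernel: IPVS: Leave: ip_vs_nat_xmit, net/netfilter/ipvs/ip_vs_xmit.c line 448
Mar  4 16:52:59 lb kernel: ipvs-OUTPUT: IN= OUT=eth0 SRC=198.51.100.7 DST=192.0.2.20 LEN=60 TTL=64 PROTO=TCP SPT=40002 DPT=389 SYN
Mar  4 16:52:59 lb kernel: ipvs-POSTROUTING: IN= OUT=eth0 SRC=198.51.100.7 DST=192.0.2.20 LEN=60 TTL=64 PROTO=TCP SPT=40002 DPT=389 SYN
"""

def trace(lines):
    """Return (number of ip_vs_nat_xmit exits, {flow: hooks where it was logged})."""
    xmit = 0
    seen = defaultdict(set)
    for line in lines:
        if XMIT_RE.search(line):
            xmit += 1
            continue
        m = LOG_RE.search(line)
        if m:
            flow = (m["src"], int(m["spt"]), m["dst"], int(m["dpt"]))
            seen[flow].add(m["hook"])
    return xmit, dict(seen)

def lost_before_postrouting(seen):
    """Flows logged at OUTPUT that were never logged at POSTROUTING."""
    return sorted(f for f, hooks in seen.items()
                  if "OUTPUT" in hooks and "POSTROUTING" not in hooks)

if __name__ == "__main__":
    xmit, seen = trace(SAMPLE.splitlines())
    print(f"ip_vs_nat_xmit exits: {xmit}")
    for src, spt, dst, dpt in lost_before_postrouting(seen):
        print(f"seen at OUTPUT only: {src}:{spt} -> {dst}:{dpt}")
```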
