Hi,

I've set up a server, with public IPs (currently only one though) on one 
interface, and an internal IP on another interface - where the backend 
webservers are hosted.

My problem is that I see the request packet (going to X.X.X.167 port 
80) go through to the backend fine (the SYN packet), and I see the 
backend's response (the backend has the LVS server as default gw) when I 
tcpdump on the internal interface of the LVS server.

The response, however, is never relayed on the LVS server's external 
interface :(

I hope you can help me debug, or suggest things I could do, to debug.

My setup is as follows:

I've set up ipvs in the kernel, using ldirectord - ipvsadm -ln shows:
TCP  X.X.X.167:80 wrr persistent 900
   -> Y.Y.Y.105:80            Masq    2      0          0
TCP  X.X.X.167:443 wrr persistent 900
   -> Y.Y.Y.105:443           Masq    2      0          0

with X.X.X.167 being my public ip, and Y.Y.Y.105 being the internal one.

iptables is enabled and its output looks like this:
[root@lb1 ~]# iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443
ACCEPT     tcp  --  B.B.B.162            0.0.0.0/0           state NEW tcp dpt:8080
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

[root@lb1 ~]# iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

-- 
Regards,
Klavs Klavsen, GSEC - [email protected] - http://www.vsen.dk - Tlf. 61281200

"Those who do not understand Unix are condemned to reinvent it, poorly."
   --Henry Spencer


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - [email protected]
Send requests to [email protected]
or go to http://lists.graemef.net/mailman/listinfo/lvs-users