On 23.06.2014 11:57, Anders Henke wrote:
> On 18.06.2014, Stephen Carville wrote:
>> I set up a CentOS 6.5 box to test ipvsadm. So far I have been unable to
>> get it to forward connections. When I try to connect, it doesn't write
>> anything in /var/log/messages to tell me what is happening. Netstat
>> doesn't see anything listening on the interface IP (I read elsewhere
>> that is normal) and tshark sees the incoming SYN but there is either a
>> timeout or a RST.
>>
>> Rules right now:
>>
>> $ ipvsadm -L
>>
>> IP Virtual Server version 1.2.1 (size=4096)
>> Prot LocalAddress:Port Scheduler Flags
>>   -> RemoteAddress:Port Forward Weight ActiveConn InActConn
>> TCP 10.212.160.40:4172 lc persistent 360
>>   -> 10.212.170.162:4172 Route 1 0 0
>>   -> 10.212.170.163:4172 Route 1 0 0
>>
>> IP forwarding is turned on:
>>
>> $ sysctl net.ipv4.ip_forward
>> net.ipv4.ip_forward = 1
>
> Short answer: switch to kernel 3.6 or newer, turn off rp_filter for the
> interface receiving the reply packet, and replace rp_filter functionality by
> more accurate and flexible iptables rules in the FORWARD chain.

Since he is running CentOS 6.5 he can simply set
/proc/sys/net/ipv4/conf/<interface>/accept_local to 1 to prevent packets
from being dropped as martians. This was introduced in 2.6.33 but
backported to recent RHEL/CentOS kernels so no need to go to 3.6 or newer.
You still have to set the rp_filter though since this is a different
issue than the martian packet one.

Regards,
Dennis

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-requ...@linuxvirtualserver.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
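
A check for the three settings named in this thread (ip_forward, accept_local, rp_filter), given as an added example that is not part of any poster's message. The function names and the `SYSCTL_ROOT` override are hypothetical; the script assumes the kernel's documented rule that the higher of `conf/all/rp_filter` and `conf/<interface>/rp_filter` is the value actually applied.

```shell
#!/bin/sh
# Added example: audit the sysctls discussed in this thread for one interface.
# SYSCTL_ROOT is a hypothetical override so the check can be pointed at a
# constructed directory tree instead of the live /proc/sys.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

read_knob() {
    # Print the value of one sysctl file, or "missing" if it is not there
    # (for example accept_local on a kernel without the backport).
    if [ -r "$SYSCTL_ROOT/$1" ]; then
        tr -d ' \t\n' < "$SYSCTL_ROOT/$1"
    else
        echo missing
    fi
}

effective_rp_filter() {
    # Assumption from kernel docs: max(conf/all, conf/<iface>) is applied,
    # so clearing only the per-interface value is not enough.
    all=$(read_knob net/ipv4/conf/all/rp_filter)
    dev=$(read_knob "net/ipv4/conf/$1/rp_filter")
    case "$all$dev" in *missing*) echo missing; return ;; esac
    if [ "$all" -gt "$dev" ]; then echo "$all"; else echo "$dev"; fi
}

check_lvs_iface() {
    # Returns 0 only when the interface matches the thread's settings:
    # ip_forward=1, accept_local=1, effective rp_filter=0.
    iface=$1
    rc=0
    fwd=$(read_knob net/ipv4/ip_forward)
    acc=$(read_knob "net/ipv4/conf/$iface/accept_local")
    rpf=$(effective_rp_filter "$iface")
    [ "$fwd" = 1 ] || { echo "ip_forward=$fwd (want 1)"; rc=1; }
    [ "$acc" = 1 ] || { echo "$iface accept_local=$acc (want 1)"; rc=1; }
    [ "$rpf" = 0 ] || { echo "$iface effective rp_filter=$rpf (want 0)"; rc=1; }
    return $rc
}

# Stand-alone use: pass the interface name as the first argument.
if [ "$#" -gt 0 ]; then
    check_lvs_iface "$1" || exit 1
fi
```

Each mismatch is printed on its own line, so a director that silently drops the forwarded packets shows which of the three settings is responsible.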