Hello Julian, Your answer helped me solve the problem:
Since the box has its public facing interface setup with $DIP and an alias interface for the $VIP I needed to make one more additional setting shown below. Replacing the route enabled successfully sending and delivering the SYN packet to one of the real servers, but the SYN-ACK packet that was received was considered by the kernel a martian packet since the source IP was $VIP (assigned to the director's local interface) and destination IP - the $DIP. This was solved by setting accept_local to 1: sysctl -w net.ipv4.conf.all.accept_local=1 So in summary: ip route replace local $VIP dev $DEV proto kernel scope host src $DIP sysctl -w net.ipv4.conf.all.accept_local=1 Not sure if setting accept_local to 1 will lead to other problems, but everything works okay for now. Thanks for you help, Viktor On Wed, Aug 8, 2018 at 10:33 PM Julian Anastasov <[email protected]> wrote: > > Hello, > > On Wed, 8 Aug 2018, Viktor Nonov wrote: > > > I have a pretty simple setup for 2 real servers getting direct routing > from > > a linux director. > > [image: unnamed.png] > > Things work great for clients outside of the network (like from my local > > machine), but if I try to make a request (through curl) to the VIP from > the > > Linux Director machine, I get a timeout & no requests make it to the Real > > Server. > > > > Any pointers? > > Probably because VIP is used as source IP in director. Try > ip route replace local $VIP dev $DEV proto kernel scope host src $DIP > > where VIP is your virtual IP and DIP is your unique IP in director. > Before that you can see the route that is to be replaced with > ip route list table local > > Regards > > -- > Julian Anastasov <[email protected]> > -- Viktor Nonov Software Engineer <img src=" https://googledrive.com/host/0B4qfwyJLCrqPWDAwLXpYbmY4OGM/signature_logo.jpg "> _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
