can't get redirection / load balancing to work

Ookhoi ookhoi@dds.nl
Mon, 19 Jun 2000 18:50:02 +0200


Hi!

I've searched for three days through the howto's, the mailing list
archive and the iptables manual, but to no avail.

I have one machine which I'll call Client, one Bridge, and one Server.
Now I want to connect from Client to Bridge, and then I want Bridge to
redirect the connection to Server.

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -j DNAT --to Server

Then I try to connect from Client to Bridge

ookhoi@Client:~$ telnet Bridge 80
Trying <Bridge-ip>...

and then I ^C it because it doesn't connect.

tcpdump on Client says:
tcpdump: listening on eth0
18:04:06.122624 Client.1032 > Client.www: S 618473248:618473248(0) win 32120 <mss 1460,sackOK,timestamp 613277[|tcp]> (DF) [tos 0x10]
18:04:06.133589 Server.www > Client.1032: S 614045998:614045998(0) ack 618473249 win 31856 <mss 1460,sackOK,timestamp 209929111[|tcp]> (DF)
18:04:06.133958 Client.1032 > Server.www: R 618473249:618473249(0) win 0

3 packets received by filter
0 packets dropped by kernel

tcpdump on Bridge says:
eth0: Setting promiscuous mode.
tcpdump: listening on eth0
18:04:06.090136 Bridge.1032 > Server.www: S 618473248:618473248(0) win 32120 <mss 1460,sackOK,timestamp 613277[|tcp]> (DF) [tos 0x10]
18:04:06.090261 Bridge.1032 > Server.www: S 618473248:618473248(0) win 32120 <mss 1460,sackOK,timestamp 613277[|tcp]> (DF) [tos 0x10]

2 packets received by filter
0 packets dropped by kernel
eth0: Setting promiscuous mode.

tcpdump on Server says:
tcpdump: listening on eth0
18:04:06.093138 Client.1032 > Server.www: S 618473248:618473248(0) win 32120 <mss 1460,sackOK,timestamp 613277[|tcp]> (DF) [tos 0x10]
18:04:06.103394 Server.www > Client.1032: S 614045998:614045998(0) ack 618473249 win 31856 <mss 1460,sackOK,timestamp 209929111[|tcp]> (DF)
18:04:06.104217 Client.1032 > Server.www: R 618473249:618473249(0) win 0

3 packets received by filter
0 packets dropped by kernel


I must do something wrong, and I don't fully understand the tcpdumps..
For example, why does the Client tcpdump say that it connects from Client
to Client?
Is "iptables -t nat -A PREROUTING -j DNAT --to Server" correct?
Bridge is 2.4.0-test1-pre21, and I also tried with pre19. iptables on 
Bridge is v1.1.0

If I do "iptables -t nat -A PREROUTING -j DNAT -p tcp --to Bridge:25"
and then connect from Client to Bridge:<anyPort>, it does bring me to 
port 25 of Bridge.

Finally I would like to let Bridge do load balancing, and put more
Servers behind it.

I appreciate all rtfm's, url's, howto's, etc.

		Ookhoi

PS.
Some things from .config:

CONFIG_EXPERIMENTAL=y

CONFIG_MODULES=y   <== read about problems without this one
# CONFIG_MODVERSIONS is not set
CONFIG_KMOD=y

CONFIG_NET=y

CONFIG_SYSVIPC=y
CONFIG_BSD_PROCESS_ACCT=y
CONFIG_SYSCTL=y
CONFIG_KCORE_ELF=y

CONFIG_PACKET=y
CONFIG_PACKET_MMAP=y
CONFIG_NETLINK=y
CONFIG_RTNETLINK=y
# CONFIG_NETLINK_DEV is not set
CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y
# CONFIG_FILTER is not set
CONFIG_UNIX=y
CONFIG_INET=y
# CONFIG_IP_MULTICAST is not set
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_RTNETLINK=y
CONFIG_NETLINK=y
# CONFIG_IP_MULTIPLE_TABLES is not set
# CONFIG_IP_ROUTE_MULTIPATH is not set
# CONFIG_IP_ROUTE_TOS is not set
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_ROUTE_LARGE_TABLES is not set
# CONFIG_IP_PNP is not set
CONFIG_IP_ROUTER=y
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE is not set
CONFIG_IP_ALIAS=y
# CONFIG_ARPD is not set
CONFIG_SYN_COOKIES=y

CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=y
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_MATCH_MAC=y
CONFIG_IP_NF_MATCH_MARK=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_UNCLEAN=y
CONFIG_IP_NF_MATCH_OWNER=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_MIRROR=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_MARK=y
CONFIG_IP_NF_TARGET_LOG=y
# CONFIG_IPV6 is not set

CONFIG_NET_SCHED=y
CONFIG_NETLINK=y
CONFIG_RTNETLINK=y
CONFIG_NET_SCH_CBQ=y
# CONFIG_NET_SCH_CSZ is not set
# CONFIG_NET_SCH_PRIO is not set
# CONFIG_NET_SCH_RED is not set
# CONFIG_NET_SCH_SFQ is not set
# CONFIG_NET_SCH_TEQL is not set
# CONFIG_NET_SCH_TBF is not set
# CONFIG_NET_SCH_GRED is not set
# CONFIG_NET_SCH_DSMARK is not set
# CONFIG_NET_SCH_INGRESS is not set
CONFIG_NET_QOS=y
CONFIG_NET_ESTIMATOR=y
CONFIG_NET_CLS=y
# CONFIG_NET_CLS_TCINDEX is not set
CONFIG_NET_CLS_ROUTE4=y
CONFIG_NET_CLS_ROUTE=y
CONFIG_NET_CLS_FW=y
CONFIG_NET_CLS_U32=y
# CONFIG_NET_CLS_RSVP is not set
# CONFIG_NET_CLS_RSVP6 is not set
# CONFIG_NET_CLS_POLICE is not set

CONFIG_NETDEVICES=y

# CONFIG_ARCNET is not set
CONFIG_DUMMY=y
# CONFIG_BONDING is not set
# CONFIG_EQUALIZER is not set
# CONFIG_ETHERTAP is not set
# CONFIG_NET_SB1000 is not set

CONFIG_NET_ETHERNET=y
CONFIG_NET_VENDOR_3COM=y
CONFIG_VORTEX=m
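
Added example, not part of the original post: a small Python check run over the three lines of the "tcpdump on Client" capture above. It flags a SYN-ACK that acknowledges a pending SYN but arrives from a host other than the one the SYN was addressed to, and records whether the client then reset it. The function and field names are hypothetical, and the regex assumes the old tcpdump line format shown in the post.

```python
import re

# Three lines copied from the "tcpdump on Client" capture in the post above.
CLIENT_CAPTURE = """\
18:04:06.122624 Client.1032 > Client.www: S 618473248:618473248(0) win 32120 <mss 1460,sackOK,timestamp 613277[|tcp]> (DF) [tos 0x10]
18:04:06.133589 Server.www > Client.1032: S 614045998:614045998(0) ack 618473249 win 31856 <mss 1460,sackOK,timestamp 209929111[|tcp]> (DF)
18:04:06.133958 Client.1032 > Server.www: R 618473249:618473249(0) win 0
"""

# Old-style tcpdump TCP line: time, src.port > dst.port:, flags,
# seq:seq(len), then an optional "ack N".
LINE = re.compile(
    r"^\S+ (?P<src>\S+)\.(?P<sport>[^.\s]+) > (?P<dst>\S+)\.(?P<dport>[^.\s]+): "
    r"(?P<flags>[SFPR.]+) (?P<seq>\d+):\d+\(\d+\)(?: ack (?P<ack>\d+))?"
)


def find_bypassed_replies(capture):
    """Return one finding per SYN-ACK that answers a pending SYN but comes
    from a different host than the one the SYN was sent to."""
    pending = {}    # (client endpoint, expected ack number) -> addressed endpoint
    findings = []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, dst = (m["src"], m["sport"]), (m["dst"], m["dport"])
        if m["flags"] == "S" and m["ack"] is None:
            # Initial SYN: the peer must acknowledge seq + 1.
            pending[(src, int(m["seq"]) + 1)] = dst
        elif m["flags"] == "S":
            # SYN-ACK: match it to the SYN it acknowledges.
            addressed = pending.get((dst, int(m["ack"])))
            if addressed and addressed[0] != src[0]:
                findings.append({"client": dst, "addressed": addressed,
                                 "answered_by": src, "reset": False})
        elif "R" in m["flags"]:
            # RST from the client towards the unexpected responder.
            for f in findings:
                if f["client"] == src and f["answered_by"] == dst:
                    f["reset"] = True
    return findings


if __name__ == "__main__":
    for f in find_bypassed_replies(CLIENT_CAPTURE):
        print(f)
```

A TCP stack resets a SYN-ACK it cannot match to a connection it opened, so a finding with "reset" set points at a reply that did not pass back through the host that rewrote the destination.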