ipvsadm 转发问题

skywh_2001

在eth1看看 tcpdump -i eth1 -nnn 'tcp and src port 21'
除了tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
没有其他如何输出

为什么要关闭所有机器的iptables？？

[ 本帖最后由 skywh_2001 于 2007-5-16 15:24 编辑 ]

qtdszws

>>为什么要关闭所有机器的iptables？？
怕有干扰

>>没有其他如何输出
这就怪了，照理数据应该返回给客户端了.我想不出有什么地方出了问题

执行以下
dmesg -c
iptables -A FORWARD -p tcp --sport 21 -j LOG --log-prefix FORWARD
iptables -t nat -A POSTROUTING -p tcp --sport 21 -j LOG --log-prefix POSTROUTING

客户端刷新以下，dmesg看看结果

dingxincai

你试过在防火墙上给ftp打标记吗

dingxincai

你把realserver先做成web server 做一下测试，看nat是不是能正常工作，然后在加入ftpserver,
实现ftp的lvs－nat，需要在防火墙上给ftp打标记

skywh_2001

这是我在VS上的监测
[root@localhost ~]# tcpdump -i eth1 -nnn 'tcp and src port 21'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
16:18:28.886559 IP 192.168.0.24.21 > 192.168.0.188.1147: S 1668927168:1668927168(0) ack 1886514398 win 5840 <mss 1460,nop,nop,sackOK>
16:18:28.888245 IP 192.168.0.24.21 > 192.168.0.188.1147: P 1:29(2 ack 1 win 5840
16:18:28.888468 IP 192.168.0.24.21 > 192.168.0.188.1147: F 29:29(0) ack 1 win 5840
16:18:35.073192 IP 192.168.0.24.21 > 192.168.0.188.1148: S 1659958277:1659958277(0) ack 719216676 win 5840 <mss 1460,nop,nop,sackOK>
16:18:35.074975 IP 192.168.0.24.21 > 192.168.0.188.1148: P 1:29(2 ack 1 win 5840
16:18:35.075344 IP 192.168.0.24.21 > 192.168.0.188.1148: F 29:29(0) ack 1 win 5840
16:18:37.697668 IP 192.168.0.24.21 > 192.168.0.188.1149: S 1672675050:1672675050(0) ack 3575207895 win 5840 <mss 1460,nop,nop,sackOK>
16:18:37.699945 IP 192.168.0.24.21 > 192.168.0.188.1149: P 1:29(2 ack 1 win 5840
16:18:37.700375 IP 192.168.0.24.21 > 192.168.0.188.1149: F 29:29(0) ack 1 win 5840


[root@localhost netfilter]# tcpdump -i eth0 -nnn 'tcp and port 21'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
16:18:28.886449 IP 192.168.0.188.1147 > 10.0.0.13.21: S 1886514397:1886514397(0) win 65535 <mss 1460,nop,nop,sackOK>
16:18:28.886545 IP 10.0.0.13.21 > 192.168.0.188.1147: S 1668927168:1668927168(0) ack 1886514398 win 5840 <mss 1460,nop,nop,sackOK>
16:18:28.886658 IP 192.168.0.188.1147 > 10.0.0.13.21: . ack 1 win 65535
16:18:28.888215 IP 10.0.0.13.21 > 192.168.0.188.1147: P 1:29(2 ack 1 win 5840
16:18:28.888453 IP 10.0.0.13.21 > 192.168.0.188.1147: F 29:29(0) ack 1 win 5840
16:18:28.888576 IP 192.168.0.188.1147 > 10.0.0.13.21: . ack 30 win 65507
16:18:28.890920 IP 192.168.0.188.1147 > 10.0.0.13.21: R 1:1(0) ack 30 win 0
16:18:35.073046 IP 192.168.0.188.1148 > 10.0.0.12.21: S 719216675:719216675(0) win 65535 <mss 1460,nop,nop,sackOK>
16:18:35.073177 IP 10.0.0.12.21 > 192.168.0.188.1148: S 1659958277:1659958277(0) ack 719216676 win 5840 <mss 1460,nop,nop,sackOK>
16:18:35.073327 IP 192.168.0.188.1148 > 10.0.0.12.21: . ack 1 win 65535
16:18:35.074962 IP 10.0.0.12.21 > 192.168.0.188.1148: P 1:29(2 ack 1 win 5840
16:18:35.075332 IP 10.0.0.12.21 > 192.168.0.188.1148: F 29:29(0) ack 1 win 5840
16:18:35.075460 IP 192.168.0.188.1148 > 10.0.0.12.21: . ack 30 win 65507
16:18:35.077574 IP 192.168.0.188.1148 > 10.0.0.12.21: R 1:1(0) ack 30 win 0
16:18:37.697493 IP 192.168.0.188.1149 > 10.0.0.11.21: S 3575207894:3575207894(0) win 65535 <mss 1460,nop,nop,sackOK>
16:18:37.697652 IP 10.0.0.11.21 > 192.168.0.188.1149: S 1672675050:1672675050(0) ack 3575207895 win 5840 <mss 1460,nop,nop,sackOK>
16:18:37.697780 IP 192.168.0.188.1149 > 10.0.0.11.21: . ack 1 win 65535
16:18:37.699922 IP 10.0.0.11.21 > 192.168.0.188.1149: P 1:29(2 ack 1 win 5840
16:18:37.700363 IP 10.0.0.11.21 > 192.168.0.188.1149: F 29:29(0) ack 1 win 5840
16:18:37.700476 IP 192.168.0.188.1149 > 10.0.0.11.21: . ack 30 win 65507
16:18:37.702508 IP 192.168.0.188.1149 > 10.0.0.11.21: R 1:1(0) ack 30 win 0
希望高手重新看一下

dingxincai

有关ftp－lvs－nat可以参考：
https://www.redhat.com/docs/manu ... 1-lvs-overview.html

dingxincai

这是ftp请求的包呀，可是没有回复的包呀

qtdszws

你这不是正常了吗?有请求和响应。

你是怎么搞通的?

你可以先用web服务测试,ftp有点复杂。

[ 本帖最后由 qtdszws 于 2007-5-16 17:26 编辑 ]

dingxincai

把你的lvs.xml 贴出来看看

skywh_2001

RS的结果之一：
[root@localhost ~]# tcpdump -i eth0 -nnn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
16:18:23.101091 IP 192.168.0.188.1148 > 10.0.0.12.21: S 719216675:719216675(0) win 65535 <mss 1460,nop,nop,sackOK>
16:18:23.101189 IP 10.0.0.12.21 > 192.168.0.188.1148: S 1659958277:1659958277(0) ack 719216676 win 5840 <mss 1460,nop,nop,sackOK>
16:18:23.101276 IP 192.168.0.188.1148 > 10.0.0.12.21: . ack 1 win 65535
16:18:23.102839 IP 10.0.0.12.21 > 192.168.0.188.1148: P 1:29(2 ack 1 win 5840
16:18:23.103220 IP 10.0.0.12.21 > 192.168.0.188.1148: F 29:29(0) ack 1 win 5840
16:18:23.103411 IP 192.168.0.188.1148 > 10.0.0.12.21: . ack 30 win 65507
16:18:23.105523 IP 192.168.0.188.1148 > 10.0.0.12.21: R 1:1(0) ack 30 win 0
16:18:28.103366 arp who-has 10.0.0.12 tell 10.0.0.1
16:18:28.103381 arp reply 10.0.0.12 is-at 00:19:5b:69:d0:6f

客户端的结果：
C:\Documents and Settings\skywh>ftp 192.168.0.24
Connected to 192.168.0.24.
421 Service not available.
Connection closed by remote host.
为什么客户端还是没有结果？

搞定了。客户端终于正常了。
由于192.168.0.网段在RS上的ftp服务被禁止了，所以……
但是我在配置时都已经，设置好了。不知后来怎么被改掉了。
看来以后要小心、仔细了。

谢谢各位的帮助！
尤其感谢qtdszws（异次元空间）的帮助！

[ 本帖最后由 skywh_2001 于 2007-5-17 07:41 编辑 ]