Question: a problem with LVS/NAT mode

I have set up an LVS/NAT deployment.
All machines run Fedora Linux, kernel: 2.6.16
Components:
1. Three real servers, configured as 192.168.3.2, 192.168.3.3 and 192.168.3.4. Their gateway is 192.168.3.1, the netmask is 255.255.255.0 and the broadcast address is 192.168.3.255.
2. One LD with two NICs, eth2 and eth3, configured as 192.168.1.172 and 192.168.3.1 respectively.
3. One client for testing.
Topology:
client(192.168.1.212)---------(192.168.1.172)LD(192.168.3.1)----switch-----(192.168.3.x)realserver(3 in total)

Configuration:
On the LD:
echo 1 >/proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth2/send_redirects

ipvsadm -C
ipvsadm -A -t 192.168.1.172:80 -s rr
ipvsadm -a -t 192.168.1.172:80 -r 192.168.3.2:80 -m
ipvsadm -a -t 192.168.1.172:80 -r 192.168.3.3:80 -m
ipvsadm -a -t 192.168.1.172:80 -r 192.168.3.4:80 -m

I have confirmed that the kernel supports IPVS. The kernel build configuration is as follows:
<*> IP virtual server support (EXPERIMENTAL)
[*] IP virtual server debugging
(12) IPVS connection table size (the Nth power of 2)
--- IPVS transport protocol load balancing support
[*] TCP load balancing support
[*] UDP load balancing support
[*] ESP load balancing support
[*] AH load balancing support
--- IPVS scheduler
<*> round-robin scheduling
<*> weighted round-robin scheduling
<*> least-connection scheduling
<*> weighted least-connection scheduling
<*> locality-based least-connection scheduling
<*> locality-based least-connection with replication scheduling
<*> destination hashing scheduling
<*> source hashing scheduling
<*> shortest expected delay scheduling
<*> never queue scheduling
--- IPVS application helper
<*> FTP protocol helper

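The problem now is:
The SYN requests sent from the client reach the real server, but it does not respond; after three SYN packets the connection is dropped.
ipvsadm on the LD shows the following: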
# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.172:www rr
-> 192.168.3.4:www Masq 1 0 0
-> 192.168.3.3:www Masq 1 0 0
-> 192.168.3.2:www Masq 1 0 0

Packet capture on the LD's internal interface (192.168.3.1):

15:32:00.723152 00:91:27:74:f2:2a > 00:91:27:76:00:64, ethertype IPv4 (0x0800), length 62: IP (tos 0x0, ttl 128, id 59533, offset 0, flags [DF], proto 6, length: 48) 192.168.1.212.50601 > 192.168.3.4.80: S [tcp sum ok] 3522911210:3522911210(0) win 65535

15:32:03.728032 00:91:27:74:f2:2a > 00:91:27:76:00:64, ethertype IPv4 (0x0800), length 62: IP (tos 0x0, ttl 128, id 59543, offset 0, flags [DF], proto 6, length: 48) 192.168.1.212.50601 > 192.168.3.4.80: S [tcp sum ok] 3522911210:3522911210(0) win 65535

15:32:09.747632 00:91:27:74:f2:2a > 00:91:27:76:00:64, ethertype IPv4 (0x0800), length 62: IP (tos 0x0, ttl 128, id 59555, offset 0, flags [DF], proto 6, length: 48) 192.168.1.212.50601 > 192.168.3.4.80: S [tcp sum ok] 3522911210:3522911210(0) win 65535

Packet capture on the real server:
15:27:50.123656 00:91:27:74:f2:2a > 00:91:27:76:00:64, ethertype IPv4 (0x0800), length 62: IP (tos 0x0, ttl 128, id 59533, offset 0, flags [DF], proto 6, length: 48) 192.168.1.212.50601 > 192.168.3.4.80: S [tcp sum ok] 3522911210:3522911210(0) win 65535

15:27:53.128441 00:91:27:74:f2:2a > 00:91:27:76:00:64, ethertype IPv4 (0x0800), length 62: IP (tos 0x0, ttl 128, id 59543, offset 0, flags [DF], proto 6, length: 48) 192.168.1.212.50601 > 192.168.3.4.80: S [tcp sum ok] 3522911210:3522911210(0) win 65535

15:27:59.148699 00:91:27:74:f2:2a > 00:91:27:76:00:64, ethertype IPv4 (0x0800), length 62: IP (tos 0x0, ttl 128, id 59555, offset 0, flags [DF], proto 6, length: 48) 192.168.1.212.50601 > 192.168.3.4.80: S [tcp sum ok] 3522911210:3522911210(0) win 65535

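In other words, the real server does receive the requests, so why does it not respond? I am also certain that the web server running on the real server is fine. Web access between the internal machines all works.
Is something misconfigured? Any advice would be appreciated. Thanks!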


ifconfig lo:0 vip netmask 255.255.255.255 broadcast vip up
Use this command to add the virtual IP on the real server.

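That is for DR mode; NAT does not need lo:0. The problem is probably that the user's request to the internal side is not being NATed on the LVS, and the address you are requesting from is in the same subnet as the VIP. I ran into this problem too.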

If they are in the same subnet, you need to set a route to the client on the RS:
route add -host $client_addr gw $LD_addr
Reference:
http://kusix.iteye.com/blog/1273139
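
Added example (not part of any post in this thread): LVS/NAT only works when a real server's replies travel back through the director, which rewrites the source address to the VIP. The sketch below does a longest-prefix-match lookup over a real server's routing table to check that, covering the same-subnet case and the host route suggested in the last reply. The routing tables and the client address 192.168.3.50 are constructed for illustration.

```python
import ipaddress

DIRECTOR = "192.168.3.1"  # LD's internal address, as given in the question

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs.

    gateway is None for an on-link route, in which case the packet is
    delivered straight to dst. Returns None if no route matches.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return None
    return best[1] if best[1] is not None else str(addr)

def reply_passes_director(routes, client, director=DIRECTOR):
    """True if the real server's reply to `client` is sent via the director."""
    return next_hop(routes, client) == director

# Constructed routing table: connected subnet plus default gateway = LD.
RS_DEFAULT = [
    ("192.168.3.0/24", None),
    ("0.0.0.0/0", DIRECTOR),
]

# Same table after `route add -host $client_addr gw $LD_addr`
# for a constructed client that sits inside the real servers' subnet.
RS_FIXED = RS_DEFAULT + [("192.168.3.50/32", DIRECTOR)]

if __name__ == "__main__":
    for name, table, client in [
        ("default gw, remote client", RS_DEFAULT, "192.168.1.212"),
        ("default gw, same-subnet client", RS_DEFAULT, "192.168.3.50"),
        ("host route, same-subnet client", RS_FIXED, "192.168.3.50"),
    ]:
        ok = reply_passes_director(table, client)
        print(f"{name}: next hop {next_hop(table, client)} -> "
              f"{'via director' if ok else 'BYPASSES director'}")
```

On a live real server, `ip route get <client address>` shows the next hop the kernel actually selects, which can be compared with the result here.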
