Question: how do I configure the egress route for DR in LVS/TUN across different network segments?

Service architecture: (VMware)
Client 192.168.88.1
D ens33:192.168.88.134 ens36:192.168.66.128
rs1 ens36:192.168.66.130 [default route 192.168.66.132]
Gateway eth1 :192.168.88.131 eth2 :192.168.66.132 [linux]

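The current situation: after my client sends the TCP handshake, rs1 receives the request and forwards it to the GATEWAY, but the GATEWAY cannot forward it across network segments.
rs1 can ping the client normally. Could you experts please take a look?

tcpdump on the GATEWAY: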
[root@ELKBASE-NODE ~]# tcpdump -i eth2 'port 80 and dst host 192.168.88.1' -vv -n
tcpdump: listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
02:59:25.151914 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.88.101.http > 192.168.88.1.50008: Flags [S.], cksum 0xb257 (correct), seq 584529558, ack 3927839149, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
02:59:25.351859 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.88.101.http > 192.168.88.1.50009: Flags [S.], cksum 0xff64 (correct), seq 1972105425, ack 575307651, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
02:59:25.587363 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.88.101.http > 192.168.88.1.50026: Flags [S.], cksum 0x60f6 (correct), seq 2856373159, ack 1491261373, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
02:59:25.839967 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)

[root@ELKBASE-NODE ~]# tcpdump -i eth1 'port 80 and dst host 192.168.88.1' -vv -n
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes

[root@ELKBASE-NODE ~]# sysctl -a|grep ip_forward
net.ipv4.ip_forward = 1

[root@ELKBASE-NODE ~]# iptables -nL -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

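Uh, I was being an idiot. Actually, rp_filter should be turned off on the gateway.
Because obviously the reply packet's source address, destination address, and the corresponding MACs don't match; if it isn't turned off, the packet gets dropped as soon as it is validated. Also, don't use MASQUERADE; by default the ping simply should not get through.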
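
The following is an added example, not part of the original posts: a simplified Python model of the kernel's reverse-path check, applied to the SYN/ACK in the capture (source 192.168.88.101 arriving on eth2), to show why eth1 stays silent. The route table is an assumption (only the gateway's two connected networks, no default route), and the function names are hypothetical; the model also shows that loose mode (2) would accept the same packet.

```python
import ipaddress

# Constructed from the post's topology. Assumption: the gateway has only
# these two connected routes and no default route.
GATEWAY_ROUTES = [("192.168.88.0/24", "eth1"), ("192.168.66.0/24", "eth2")]

OFF, STRICT, LOOSE = 0, 1, 2


def route_iface(routes, addr):
    """Longest-prefix match: interface the gateway would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(p), i) for p, i in routes]
    matches = [(n, i) for n, i in matches if ip in n]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def effective_mode(conf_all, conf_iface):
    """The kernel validates with max(conf/all/rp_filter, conf/<iface>/rp_filter)."""
    return max(conf_all, conf_iface)


def rp_filter_accepts(routes, src, in_iface, mode):
    """Simplified reverse-path check for a packet from src arriving on in_iface."""
    if mode == OFF:
        return True
    back = route_iface(routes, src)
    if mode == STRICT:
        return back == in_iface   # best return path must be the arrival interface
    return back is not None       # LOOSE: source reachable via any interface


def explain(src, in_iface, conf_all, conf_iface):
    """One-line verdict for a packet, given the two sysctl values."""
    mode = effective_mode(conf_all, conf_iface)
    ok = rp_filter_accepts(GATEWAY_ROUTES, src, in_iface, mode)
    back = route_iface(GATEWAY_ROUTES, src)
    return f"{src} on {in_iface}: mode={mode} route-back={back} -> {'forward' if ok else 'drop'}"


if __name__ == "__main__":
    # SYN/ACK from the capture: source 192.168.88.101 arriving on eth2.
    print(explain("192.168.88.101", "eth2", 1, 0))  # all=1 overrides eth2=0
    print(explain("192.168.88.101", "eth2", 0, 2))  # loose mode
    print(explain("192.168.88.101", "eth2", 0, 0))  # disabled, as in the reply
```

Because the larger of the `all` and per-interface values is what takes effect, setting only `net.ipv4.conf.eth2.rp_filter=0` changes nothing while `net.ipv4.conf.all.rp_filter` is still 1.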