Bug 9033 - ipvsadm doesn't work with masquerading.
ipvsadm doesn't work with masquerading.
Product: Red Hat Linux
Classification: Retired
Component: piranha (Show other bugs)
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Phil Copeland
: 9032 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2000-01-31 21:28 EST by Bobby Moore
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2000-03-22 12:48:51 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Red Hat Bugzilla 2000-01-31 21:28:46 EST
I set up a virtual server using ipvsadm, with the 'masq' parm. I also set
up a 'forward' chain to masquerade the packets going through the virtual
server. The packets don't get masqueraded. Part of the setup included:

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_always_defrag

Also, /etc/sysconfig/network is...


ipvsadm shows...

[root@hcom1 sysconfig]# ipvsadm
IP Virtual Server version 0.8.3 (size=4096)
Protocol LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port    Forward Weight ActiveConn InActConn
TCP wlc
      ->      Masq    2      0          0

My ipchains are...

[root@hcom1 sysconfig]# ipchains -L forward
Chain forward (policy ACCEPT):
target     prot opt     source                destination           ports
MASQ       tcp  ------      anywhere
1024:65535 ->   any
MASQ       udp  ------      anywhere
1024:65535 ->   any

My internet client's ip is, and it connects to (s- d-

When the packet is forwarded and arrives at my 'real' server the source
address in the packet STILL IS (s-
d-  The virtual server correctly forwarded the packet but
didn't masquerade it!

I had to cancel a DEMO of Red Hat Linux Virtual Server with my company.
This doesn't look good. Will you make this a high priority?

Thanks for your help!

Bobby Moore
Project Engineer
Comment 1 Red Hat Bugzilla 2000-02-01 11:09:59 EST
*** Bug 9032 has been marked as a duplicate of this bug. ***
Comment 2 Red Hat Bugzilla 2000-02-09 13:41:59 EST
What I need is the capability to masquerade the source address of a packet
destined for a real server, using ipchains. The problem is that any inbound
packets from a client to real servers are bypassing the FORWARD chain, going
from the INPUT chain to LVS to the OUTPUT chain. Masquerading the source
address of the packet, as well as the destination packet (done by LVS) is what
I need.
Comment 3 Red Hat Bugzilla 2000-03-22 12:45:59 EST
I have exchanged email with custmoer on several occassions. He also has
subscribed to the LVS mailing list and now has a greater understanding of LVS
and MASQ than when this problem was first logged.

Customer has agreed that this bug report can be closed.
Comment 4 Red Hat Bugzilla 2000-03-22 12:54:59 EST
Here is the last email exchange:

> MASQ works for me from an 'inside-to-outside network' perspective. That's
> because traffic from real servers to the outside go through the 'forward'
> chain of ipchains, while traffic from the outside to real servers doesn't.
> I've learned allot during this experiment. Thanks for your feedback.
> Go ahead and close the bug report. Thanks.
> Bobby Moore Worldspan
> Phone: 770.563.7362 Fax: 770.563.6406
> bobby.moore@worldspan.com

Note You need to log in before you can comment on or make changes to this bug.