Public bug reported: Binary package hint: linux-image-2.6.38-8-server
Hello Launchpad,

There is a bug in the ip_vs kernel module. The source NAT is not working with the current Ubuntu 11.04 kernel. This bug seems to have appeared in kernel version 2.6.37 according to the lvs-users mailing list (link below).

loadbalancer-ng ~ # lsb_release -rd
Description: Ubuntu 11.04
Release: 11.04

loadbalancer-ng ~ # apt-cache policy linux-image-server
linux-image-server:
  Installed: 2.6.38.8.22
  Candidate: 2.6.38.8.22
  Version table:
 *** 2.6.38.8.22 0
        500 http://nl.archive.ubuntu.com/ubuntu/ natty/main amd64 Packages
        100 /var/lib/dpkg/status

A complete explanation of the bug is on the lvs-users mailing list. The thread can be found here:
http://lists.graemef.net/pipermail/lvs-users/2011-May/024019.html

The patch that I've applied against the current natty server kernel to fix this problem:

tom@tole:/unprotected/kernel$ diff -up linux-2.6.38-patched/net/netfilter/ipvs/ip_vs_core.c linux-2.6.38/net/netfilter/ipvs/ip_vs_core.c
--- linux-2.6.38-patched/net/netfilter/ipvs/ip_vs_core.c 2011-05-30 08:05:31.778443588 +0200 +++ linux-2.6.38/net/netfilter/ipvs/ip_vs_core.c 2011-03-15 02:20:32.000000000 +0100 @@ -1683,7 +1683,7 @@ static struct nf_hook_ops ip_vs_ops[] __ .owner = THIS_MODULE, .pf = PF_INET, .hooknum = NF_INET_LOCAL_IN, - .priority = 98, + .priority = 99, }, /* After packet filtering, forward packet through VS/DR, VS/TUN, * or VS/NAT(change destination), so that filtering rules can be @@ -1693,7 +1693,7 @@ static struct nf_hook_ops ip_vs_ops[] __ .owner = THIS_MODULE, .pf = PF_INET, .hooknum = NF_INET_LOCAL_IN, - .priority = 99, + .priority = 101, }, /* Before ip_vs_in, change source only for VS/NAT */ { @@ -1735,7 +1735,7 @@ static struct nf_hook_ops ip_vs_ops[] __ .owner = THIS_MODULE, .pf = PF_INET6, .hooknum = NF_INET_LOCAL_IN, - .priority = 98, + .priority = 99, }, /* After packet filtering, forward packet through VS/DR, VS/TUN, * or VS/NAT(change destination), so that filtering rules can be 
@@ -1745,7 +1745,7 @@ static struct nf_hook_ops ip_vs_ops[] __ .owner = THIS_MODULE, .pf = PF_INET6, .hooknum = NF_INET_LOCAL_IN, - .priority = 99, + .priority = 101, }, /* Before ip_vs_in, change source only for VS/NAT */ {

I hope this is enough information.

With kind regards,
Tom van Leeuwen

** Affects: linux (Ubuntu)
   Importance: Undecided
   Status: New

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/790127

Title: kernel ip_vs source nat not working

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
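
Review bot: the diff is generated in the reverse direction, which affects every hunk. The "---" side is linux-2.6.38-patched (dated 2011-05-30) and the "+++" side is the stock linux-2.6.38 tree (dated 2011-03-15), so the "-" lines (.priority = 98 and .priority = 99) are the fixed values and the "+" lines (99 and 101) are what the stock kernel has. Applied as posted to a stock tree, the hunks will not match, and applied to a patched tree they revert the fix. Please regenerate with the original tree as the first argument to diff, or say explicitly that it must be applied with patch -R.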
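
Review bot: in all four hunks (at 1683 and 1693 for PF_INET, 1735 and 1745 for PF_INET6) the NF_INET_LOCAL_IN priorities are bare integers with nothing saying what they are ordered against. The report is about source NAT, and the netfilter source-NAT priority (NF_IP_PRI_NAT_SRC, NF_IP6_PRI_NAT_SRC) is 100, so moving the second hook from 101 to 99 changes which side of source NAT it runs on, and that is the whole point of the change. Writing the values relative to that constant, for example NF_IP_PRI_NAT_SRC - 2 and NF_IP_PRI_NAT_SRC - 1, and extending the "After packet filtering ..." comment to state the ordering requirement would keep a later edit from silently reintroducing the regression.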