I have set up keepalived for load balancing. It works for redundancy but does not work when trying to load balance.

I am using 2 servers with the exact same configuration on both: Debian squeeze, 64-bit.

keepalived conf:

Code:
# Configuration File for Keepalived

# Global Configuration
global_defs {
  notification_email {

  }
  notification_email_from 
  smtp_server smtp.localhost.lan
  smtp_connect_timeout 30
  router_id DEBIAN2		# string identifying the machine
}

# describe virtual service ip
vrrp_instance VI_1 {
  # initial state
  state BACKUP
  interface eth0
  # arbitrary unique number 0..255
  # used to differentiate multiple instances of vrrpd
  virtual_router_id 1
  # for electing MASTER, highest priority wins.
  # to be MASTER, make 50 more than other machines.
  priority 60
  authentication {
    auth_type PASS
    auth_pass xxx
  }

  virtual_ipaddress {
    192.168.0.199/32
  }

  # Invoked to master transition
  notify_master "/etc/keepalived/bypass_ipvs.sh del 192.168.0.199"
  # Invoked to slave transition
  notify_backup "/etc/keepalived/bypass_ipvs.sh add 192.168.0.199"
  # Invoked to fault transition
  notify_fault "/etc/keepalived/bypass_ipvs.sh add 192.168.0.199"
  smtp_alert
}

# describe virtual web server
virtual_server 192.168.0.199 8080 {
#  delay_loop 5

  # rr = round robin (lc = least connected)
  lb_algo rr

  # NAT = masquerading; DR = direct routing
  lb_kind NAT

#  persistence_timeout 50
  protocol TCP

  real_server 192.168.0.212 80 {
    TCP_CHECK {
      connect_timeout 1
#      nb_get_retry 2
#      delay_before_retry 60
    }
  }
  real_server 192.168.0.213 80 {
    TCP_CHECK {
      connect_timeout 1
#      nb_get_retry 2
#      delay_before_retry 60
    }
  }
}


bypass script:

Code:
#!/bin/sh
# Add or remove an iptables REDIRECT rule for the VIP on the BACKUP node.
# Invoked by keepalived as: bypass_ipvs.sh {add|del} ipaddress

# Check number of command line args
EXPECTED_ARGS=2
if [ $# -ne $EXPECTED_ARGS ]; then
  echo "Usage: $0 {add|del} ipaddress"
  exit 1
fi

# Check that the second arg looks like a dotted-quad IPv4 address
VIP=$2
case "$VIP" in
  *[!0-9.]*|.*|*.|*..*)
    echo "Invalid IP address: $VIP"
    exit 1
    ;;
esac

# count_rules: number of PREROUTING nat rules mentioning the VIP
# (-n avoids reverse DNS lookups that would hide the address, -F matches the dots literally)
count_rules() {
  iptables -t nat -L PREROUTING -n | grep -Fc "$VIP"
}

# Add or remove the prerouting rule
case "$1" in
  add)
    # check if the rule was already specified
    n=$(count_rules)
    if [ "$n" -eq 0 ]; then
      # the rule was not found, add it
      iptables -t nat -A PREROUTING -d "$VIP" -p tcp -j REDIRECT
    fi
    ;;
  del)
    # remove every matching rule
    n=$(count_rules)
    while [ "$n" -gt 0 ]; do
      iptables -t nat -D PREROUTING -d "$VIP" -p tcp -j REDIRECT
      n=$((n-1))
    done
    ;;
  *)
    echo "Usage: $0 {add|del} ipaddress"
    exit 1
    ;;
esac
exit 0


The servers are debian2 and debian3.

Now if debian3 is master I can netcat into port 8080 to debian2, but it won't work for debian3 locally using the rr algorithm. The same happens if debian2 is master and debian3 slave. However, I can ping the VIP from any local PC.



Code:
root@debian3:/etc/keepalived# ipvsadm -l -n --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  192.168.0.199:8080                  8       21       10     1205      572
  -> 192.168.0.212:80                    4       17       10      965      572
  -> 192.168.0.213:80                    4        4        0      240        0
In the above, debian3 is master and debian2 is backup. Nothing is sent back when it tries itself.



Code:
root@debian3:/etc/keepalived# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.199:8080 rr
  -> 192.168.0.212:80             Masq    1      0          0         
  -> 192.168.0.213:80             Local   1      0          0  



2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:17:31:8f:74:1c brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.213/24 brd 192.168.0.255 scope global eth0
    inet 192.168.0.199/32 scope global eth0
    inet6 fe80::217:31ff:fe8f:741c/64 scope link 
       valid_lft forever preferred_lft forever


I have manually tried to add the NAT rule on the backup using iptables -A PREROUTING -t nat -d 192.168.0.199 -p tcp -j REDIRECT, but that doesn't work. I have also tried changing lb_kind to DR, but that doesn't work either. I have read many how-to guides and followed exactly the same procedures, and none seem to work.

I have loaded the modules using modprobe and set IPv4 forwarding to 1 in sysctl.conf.
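As an added diagnostic (example script written here, not the poster's bypass script), the two ipvsadm listings in the post can be checked mechanically for the symptom shown: a real server that receives packets but never sends any back, and a real server that IPVS forwards as "Local" because it is the director itself. The sample listings below are constructed to match the post; on a live director the functions would be fed by `ipvsadm -l -n --stats` and `ipvsadm -ln` instead.

```shell
#!/bin/sh
# Added example, not the poster's script: scan ipvsadm output for two symptoms
# shown in the post, a real server with InPkts > 0 but OutPkts == 0, and a
# real server whose Forward method is "Local" (the director delivering to itself).

# Constructed sample, modelled on the poster's `ipvsadm -l -n --stats` listing.
SAMPLE_STATS='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  192.168.0.199:8080                  8       21       10     1205      572
  -> 192.168.0.212:80                    4       17       10      965      572
  -> 192.168.0.213:80                    4        4        0      240        0'

# Constructed sample, modelled on the poster's `ipvsadm -ln` listing.
SAMPLE_TABLE='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.199:8080 rr
  -> 192.168.0.212:80             Masq    1      0          0
  -> 192.168.0.213:80             Local   1      0          0'

# silent_backends: read `ipvsadm -l -n --stats` output on stdin and print
# "<service> <real_server>" for each real server with InPkts > 0 and OutPkts == 0.
# Column layout of a "->" line: $1="->" $2=addr:port $3=Conns $4=InPkts $5=OutPkts
silent_backends() {
  awk '
    $1 == "TCP" || $1 == "UDP" { service = $2; next }
    $1 == "->" && $2 != "RemoteAddress:Port" {
      if ($4 + 0 > 0 && $5 + 0 == 0) print service, $2
    }'
}

# local_backends: read `ipvsadm -ln` output on stdin and print
# "<service> <real_server>" for each real server whose Forward column is Local.
# Column layout of a "->" line: $1="->" $2=addr:port $3=Forward
local_backends() {
  awk '
    $1 == "TCP" || $1 == "UDP" { service = $2; next }
    $1 == "->" && $3 == "Local" { print service, $2 }'
}

# Run both checks over the constructed samples; on a real director pipe the
# live commands in, e.g. `ipvsadm -l -n --stats | silent_backends`.
echo "backends receiving packets but never replying:"
printf '%s\n' "$SAMPLE_STATS" | silent_backends
echo "backends forwarded as Local:"
printf '%s\n' "$SAMPLE_TABLE" | local_backends
```

Both functions are plain awk over the column layout ipvsadm prints, so they need nothing beyond the base system. A backend that shows up in both lists is the director's own address being scheduled back to itself, which is exactly the entry that shows zero OutPkts in the post.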