|
On Wed, 13 Oct 1999, Zalman Stern wrote:
> First off, is there any reason to believe this won't work? The
> patches apply clean and the admin command seems to work fine and there are
> no crashes.
>
> Basically, I'm just trying to setup a simple NAT redirection. I've started
> out with the following output from ipvsadm -L:
> IP Virtual Server version 0.9.1 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
> -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> TCP 209.249.66.134:8000 wlc
> -> 209.249.66.131:9020 Masq 1 0 0
>
> But connections to 209.249.66.134:8000 just hang and do not work.
> (Connections directly to 209.249.66.131:9020 work fine.)
With NAT you need to have
1. the realserver and director on a private network (here presumably
209.249.66.0/24, would be better to move it to a 10.x.x.x or 192.168.x.x
network)
2. the default gw of the realserver being the IP of the director on that
network.
3. The VIP must _NOT_ be in this private network and there must be no way
a packet can be exchanged between a realserver and a client before LVS is
turned on (ie before the director is told to start doing its LVS thing).
So you should _not_ be able to connect to the realserver from the
client like you are doing.
4. You will need to turn on masquerading and forwarding on the director
(here the private network is 10.1.1.0/24)
echo "turning on masquerading "
#setup masquerading
echo "1" >/proc/sys/net/ipv4/ip_forward
echo "installing ipchain rules"
/sbin/ipchains -A forward -j MASQ -s 10.1.1.0/24 -d 0.0.0.0/0
echo "ipchain rules "
/sbin/ipchains -L
Presumably then you would leave the VIP on the 209.249.66.0/24 network,
and set up the realservers and director with 10.x.x.x/24 addresses.
Make the 10.x.x.x address on the director the default gw for the real
server(s).
Wensong, everyone falls over this problem when they first setup VS-NAT
(including me). Do you think you could add a trap to the masq
module/ipvsadm to not allow commands which would put VS-NAT connections
into the same network?
> Another semi-related question: I understand that I cannot have a virtual
> server address that does port remapping entirely within the local machine.
> But can I set one up which redirects to one of two IP addresses both of
> which are on the same machine as the virtual server (local)?
Not sure what you are asking here and I don't know what the "local
machine" is. The terminology here is not well defined yet. The
terminology at the moment is
virtual server - the whole setup addressed via the VIP
director - the machine with the VIP and which does the load
balancing/dispatching
realservers - the machines with the services
Do you want to have one machine with
2 IPs appear to be 2 independant realservers? If so, yes. Just tell the
director you have 2 machines out there.
Do you want 2 direct routing connections on the director? Don't know
> I want to use
> virtual server functionality to allow switching over from one pool of
> server processes to another without an interruption in service to clients.
In general this can't be done - you loose the connection and have to
start again. It's on the todo list.
Joe
--
Joseph Mack mack@xxxxxxxxxxx
----------------------------------------------------------------------
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe, e-mail: lvs-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxx
For additional commands, e-mail: lvs-users-help@xxxxxxxxxxxxxxxxxxxxxx
|
