
Re: [lvs-users] ipchains REDIRECT approach to get around the arp problem

To: Doug Bagley <doug@xxxxxxxx>
Subject: Re: [lvs-users] ipchains REDIRECT approach to get around the arp problem
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Joseph Mack <mack@xxxxxxxxxxx>
Date: Wed, 9 Feb 2000 14:32:41 -0500 (EST)
On 9 Feb 2000, Doug Bagley wrote:

> From: 
>   http://www.linux-vs.org/arp.html
> 
> It doesn't mention that you need to have forwarding turned on for the
> REDIRECT to work, (at least I had to turn it on to get it to work for
> me). 

hmm. sorry about this. The various docs are submitted by anyone and
everyone and they aren't always in sync or complete. I try to test
everything in the HOWTO to see if it really does work as advertised but
I haven't produced a new HOWTO yet with the redirect stuff in it.

The original script I posted late last year does have forwarding
in it (reposted below in case anyone else needs it), but you can't be
expected to figure out which doc is complete and which isn't.

Joe
--------------


#!/bin/sh
#rc.horms
#script by Joseph Mack and Horms (C) 1999, released under GPL.
#Joseph Mack jmack@xxxxxxxx, Horms horms@xxxxxxxxxxxx 
#This code is part of the Linux Virtual Server project
#http://www.linuxvirtualserver.org
#
#
#Horm's method for solving the LVS arp problem for a VS-DR LVS.
#Uses ipchains to redirect a packet destined for an external 
#machine (in this case the VIP) to the local device.

#I'll put this into the HOWTO/configure script when I get back from vacation (Jan 1900)
#Joe 

#-----------------------------------------------------
#Instructions:
#
#1. Director: Setup normally (eg turn on LVS services there with ipvsadm).
#2. Realservers: Must be running 2.2.x kernel.
# 2.1 recompile the kernel (and reboot) after turning on the following under "Networking options"
#       Network firewalls
#       IP: firewalling
#       IP: transparent proxy support
#       IP: masquerading
# 2.2 Setup the realserver as if it were a regular leaf node on the network,
#      ie with the same gateway and IP as if it were in the LVS, but DO NOT 
#      put the VIP on the realserver. The realserver will only have its regular IP
#      (called the RIP in the HOWTO).
#3. Edit "user configurable stuff" below
#4. Run this script
#-----------------------------------------------------
#user configurable stuff

IPCHAINS="/sbin/ipchains"
VIP="192.168.1.110"

#services can be represented by their name (in /etc/services) or a number
#SERVICES is a quoted list of space separated strings
# eg SERVICES="telnet"
#    SERVICES="telnet 80"
#    SERVICES="telnet http" 
#Since the service is redirected to the local device,
#make sure you have SERVICE listening on 127.0.0.1
#(addendum Feb 2000: this is not quite correct - I don't know which IP the
#service request goes to) 
#
SERVICES="telnet http" 
#
#----------------------------------------------------
#main:

#turn on IP forwarding (off by default in 2.2.x kernels)
echo "1" > /proc/sys/net/ipv4/ip_forward

#flush ipchains table
$IPCHAINS -F input

#install SERVICES
for SERVICE in $SERVICES
do
        {
        echo "redirecting ${VIP}:${SERVICE} to local:${SERVICE}"
        $IPCHAINS -A input -j REDIRECT $SERVICE -d $VIP $SERVICE -p tcp
        }
done

#list ipchain rules
$IPCHAINS -L input

#rc.horms----------------------------------------------


--
Joseph Mack mack@xxxxxxxxxxx


----------------------------------------------------------------------
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe, e-mail: lvs-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxx
For additional commands, e-mail: lvs-users-help@xxxxxxxxxxxxxxxxxxxxxx
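
An added example, not part of the message above or of rc.horms: a preflight helper that validates VIP and SERVICES before they are interpolated unquoted into the root-run ipchains command, prints the rules in the form rc.horms uses without running them, and checks the forwarding flag the thread says REDIRECT needs. The function names and the accepted service-name character set are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not part of rc.horms. Function names are hypothetical.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
# Runs in a subshell so the IFS change stays local.
valid_ipv4() (
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# valid_service SVC: a port 1-65535 or a plain service name. Rejects empty
# values, a leading "-" (would parse as an option) and shell metacharacters.
# Assumption: names use only letters, digits, "_" and "-".
valid_service() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
        *[!0-9]*) return 0 ;;   # a name, as listed in /etc/services
    esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forwarding_enabled [FILE]: true when the ip_forward flag reads 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# redirect_rules VIP SERVICE...: print (do not run) the rules in the form
# rc.horms uses. Everything is validated before any line is printed.
redirect_rules() {
    vip=$1; shift
    valid_ipv4 "$vip" || { echo "bad VIP: $vip" >&2; return 1; }
    for svc in "$@"; do
        valid_service "$svc" || { echo "bad service: $svc" >&2; return 1; }
    done
    for svc in "$@"; do
        echo "/sbin/ipchains -A input -j REDIRECT $svc -d $vip $svc -p tcp"
    done
}

# Constructed sample values (the defaults from rc.horms).
redirect_rules 192.168.1.110 telnet http
forwarding_enabled || echo "note: ip_forward is off; rc.horms turns it on" >&2
```
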
