Re: Can LVS box route all packets, both ways?

To: "Peter C. Nikolaidis" <pcnlist@xxxxxxxxxxxxxx>
Subject: Re: Can LVS box route all packets, both ways?
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Horms <horms@xxxxxxxxxxxx>
Date: Mon, 12 Jun 2000 09:46:05 -0700
On Mon, Jun 12, 2000 at 10:40:13AM -0400, Peter C. Nikolaidis wrote:
> Hi,
> 
>     I am configuring an LVS cluster server to be the front-end for 3-16 NT
> web servers.  The problem I have is that I want to be able to maintain the
> NT boxes from a machine on the other site of the LVS box.  Can the LVS box
> be configured to route all packets both ways, only redirecting http:80
> requests directed to the virtual server's IP address?  I need this sort of
> functionality because there will also be a SQL server on the "web farm"
> side, and it needs to be able to communicate out to the other side (client
> machines side).

This should work. You can define the virtual server to listen for port 80
traffic on the VIP. If you are using IPVS/NAT then you will need to set up
the ipchains rules such that only port 80 traffic is masqueraded, and of
course the servers will need addresses that are routable from the clients.

I think this will work, though I haven't tested it.

 
>     Here's a picture of what I'm trying to accomplish:
> 
>              Client Machines
>                    |
>                    |
>                    |
>                LVS Router
>                    |
>         -----------+------------
>         |          |           |
>      NT Server  NT Server   SQL Server
> 
>     I set up piranha on RedHat 6.2, using the included RPMs, and have it
> successfully load balancing between two servers.  However, I'm fairly new to
> Linux as a router, so if you know the exact (ipchains?) commands I need to
> use to do this, please let me know.

First take a look at the ipchains rules

ipchains -L -n

You can save these so you can restore them if you need to by running
ipchains-save > some_file

They can be restored as needed using
ipchains-restore < some_file


If there is an existing masquerading entry you will need to remove it.

You can do this by flushing (removing) all the forward rules using

ipchains -F forward

or by deleting the rule more explicitly

e.g.

ipchains -D forward -j MASQ -s 10.0.0.0/25 -d 0.0.0.0/0


To add a new rule that only masquerades port 80 traffic use

ipchains -A forward -j MASQ -p tcp -s <nt server network> 80 -d 0.0.0.0/0


To make this change persistent through reboots use

ipchains-save > /etc/sysconfig/ipchains
chkconfig --add ipchains


-- 
Horms
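
A check that fits the procedure above, added here as an example and not part of the original message: it reads rules in the "-A chain ..." form that ipchains-save writes and lists any forward-chain MASQ rule that is not limited to TCP source port 80. The function names and the sample rules are constructed for illustration, and the exact ipchains-save layout (numeric protocol, 80:80 port range) is an assumption.

```shell
#!/bin/sh
# Added example (not from the original message).
# broad_masq_rules: read ipchains rules ("-A chain ..." lines) on stdin and
# print every forward-chain MASQ rule that is NOT limited to TCP source
# port 80. Negated or unparsable matches are reported too (fail closed).
broad_masq_rules() {
    awk '
    $1 == "-A" && $2 == "forward" {
        target = ""; proto = ""; sport = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            # ipchains places the source port right after the -s address
            if ($i == "-s" && (i + 2) <= NF && $(i + 2) !~ /^-/)
                sport = $(i + 2)
        }
        if (target != "MASQ") next
        tcp = (proto == "tcp" || proto == "6")
        web = (sport == "80" || sport == "80:80")
        if (!(tcp && web)) print
    }'
}

# Constructed sample of a saved rule set (assumed layout, made-up addresses).
sample_rules() {
    cat <<'EOF'
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A forward -s 10.0.0.0/255.255.255.128 -d 0.0.0.0/0.0.0.0 -j MASQ
-A forward -s 10.0.0.0/255.255.255.128 80:80 -d 0.0.0.0/0.0.0.0 -p 6 -j MASQ
-A forward -s 10.0.0.0/255.255.255.128 -d 0.0.0.0/0.0.0.0 -p 17 -j MASQ
-A input -s 0.0.0.0/0.0.0.0 -d 10.0.0.1/255.255.255.255 -j ACCEPT
EOF
}

# Stand-alone run: show which sample rules still masquerade more than port 80.
sample_rules | broad_masq_rules
```

On a live box the same function can be fed from a saved file, e.g. broad_masq_rules < some_file, before and after the forward chain is changed.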

