Re: LVS working great.. but...

To: Clint Byrum <cbyrum@xxxxxxx>
Subject: Re: LVS working great.. but...
Cc: Lvs-Users <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Wensong Zhang <wensong@xxxxxxxxxxxx>
Date: Thu, 15 Jun 2000 23:26:41 +0800 (CST)

On Wed, 14 Jun 2000, Clint Byrum wrote:

> Ok, I'm using IPVS 0.9.12 w/ kernel 2.2.15 in my firewall to load balance a
> couple of web servers. This works great, from the outside, but when clients
> on the "internal" segment try to access the loadbalanced web servers using
> their VIPs, things break down. Let me explain a little further.
> 
>                              _____DMZ(192.168.10.0/24)
>                              |
> Internet-----Firewall/Loadbalancer----Internal Clients(192.168.1.0/24)
> 
> The firewall has all of the real IP addresses as loopbacks with netmasks of
> 255.255.255.255. Masquerading is used for the Internal Clients to get out.
> For non load balanced servers, 'ipmasqadm portfw' is used to forward traffic
> through. For the load balanced machines, LVS/NAT is used.
> 
> If 192.168.1.100 tries to access 192.168.10.100(load balanced) directly,
> things work great, as the firewall just filters and routes this traffic. If
> 192.168.1.100 tries to access the VIP that 192.168.10.100 services, the
> reply packets don't seem to get rewritten to seem to come from the VIP. When
> using ipmasqadm portfw, the replies do get rewritten, and things work. Here
> is the only difference I noticed:
> 

I don't see why the portfw can and the lvs cannot. Would you please tell
us the configuration with ipchains commands, ipmasqadm portfw commands,
and ipvsadm commands? It can help us to locate the problem.

Thanks,

Wensong

> the output of netstat -Mn gives these selected entries:
> 
> tcp  44:56.77 192.168.10.4         192.168.1.225        80 -> 1645 (80)
> tcp   5:40.65 192.168.10.2         192.168.1.225        80 -> * (80)
> tcp   0:49.65 192.168.10.2         192.168.1.225        80 -> 1643 (80)
> 
> the first entry is for one serviced by portfw, the other two are for an LVS
> serviced machine.
> 
> Is this a problem with lvs, or a problem with masq in general? Or have I
> mucked things up? Here's the script that brings up the particular virtual
> server:
>        ipvsadm -A -t $EXTIP:80  -s wlc -p
>        ipvsadm -a -t $EXTIP:80  -r 192.168.10.2:80 -m
>        ipvsadm -a -t $EXTIP:80  -r 192.168.10.3:80 -m
> 
> Thanks a million for the load balancing though. :)
> 
> 
> 