ip_vs & NAT

To:	lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject:	ip_vs & NAT
From:	"John P . Looney" <john@xxxxxxxxxxxxx>
Date:	Sat, 24 Feb 2001 16:28:30 +0000

 I have a few machines running apache & mysql behind a router running ipvs.

 The router masquerades the connections, like so;

TCP  172.24.51.1:www lc
  -> evilwillow.sunnydale.antefacto.com:www Masq    1      0          0         
  -> goodwillow.sunnydale.antefacto.com:www Masq    1      0          0         
TCP  172.24.51.6:mysql lc
  -> evilwillow.sunnydale.antefacto.com:mysql Masq    1      0          0       
  
  -> goodwillow.sunnydale.antefacto.com:mysql Masq    1      0          0       
  

 It works fine. External apps can get to these machines. However,
the router and the two machines above can't get to 172.24.51.6:mysql - the
connection hangs. Like wise for apache. The machines are all on a switch -
not a hub, if that matters.

 I telnetted to 172.24.51.1:www from "evilwillow", and did a tcp dump on
the ipvs machine, and saw;

User level filter, protocol ALL, datagram packet socket
tcpdump: listening on all devices
16:25:20.567319 eth0 < goodwillow.sunnydale.antefacto.com.1926 > 
evilwillow.sunnydale.antefacto.com.www: S [ECN-Echo,CWR] 
3633840634:3633840634(0) win 5840 <mss 1460,sackOK,timestamp 17852294 
0,nop,wscale 0> (DF)
16:25:20.567775 eth0 > evilwillow.sunnydale.antefacto.com.www > 
goodwillow.sunnydale.antefacto.com.1926: S [ECN-Echo] 3634986324:3634986324(0) 
ack 3633840635 win 5792 <mss 1460,sackOK,timestamp 17521934 17852294,nop,wscale 
0> (DF)
16:25:20.567890 eth0 < goodwillow.sunnydale.antefacto.com.1926 > 
evilwillow.sunnydale.antefacto.com.www: R 3633840635:3633840635(0) win 0 (DF)
16:25:23.564060 eth0 < goodwillow.sunnydale.antefacto.com.1926 > 
evilwillow.sunnydale.antefacto.com.www: S [ECN-Echo,CWR] 
3633840634:3633840634(0) win 5840 <mss 1460,sackOK,timestamp 17852594 
0,nop,wscale 0> (DF)
16:25:23.564139 eth0 > evilwillow.sunnydale.antefacto.com.www > 
goodwillow.sunnydale.antefacto.com.1926: S [ECN-Echo] 3637982691:3637982691(0) 
ack 3633840635 win 5792 <mss 1460,sackOK,timestamp 17522234 17852594,nop,wscale 
0> (DF)
16:25:23.564229 eth0 < goodwillow.sunnydale.antefacto.com.1926 > 
evilwillow.sunnydale.antefacto.com.www: R 3633840635:3633840635(0) win 0 (DF)

 That looks like the machines are talking. But, I keep getting "connection
refused". Is there something special you need to do when both machines
from outside a cluster and inside a cluster have to access HA services ?

Kate

-- 
 When I say 'free', I mean 'free': free from bond, of chain or command: 
to go where you will, even to Mordor, Saruman, if you desire. " 
    -- Gandalf, paraphrasing the choice between Free and Non-free software

<Prev in Thread]	Current Thread	[Next in Thread>
ip_vs & NAT, John P . Looney <= Re: ip_vs & NAT, Julian Anastasov Re: ip_vs & NAT, John P . Looney Re: ip_vs & NAT, Julian Anastasov Re: ip_vs & NAT, Roberto Nibali Re: ip_vs & NAT, Roberto Nibali Re: ip_vs & NAT, John P . Looney

Previous by Date:	Re: Article about virtual server and redundant cluster., Alexandre Cassen
Next by Date:	Re: ip_vs & NAT, Julian Anastasov
Previous by Thread:	ipvs-0.2.5 for kernel 2.4, Wensong Zhang
Next by Thread:	Re: ip_vs & NAT, Julian Anastasov
Indexes:	[Date] [Thread] [Top] [All Lists]