ipchains -> iptables

To:	lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject:	ipchains -> iptables
From:	Stuart Fox <stuart@xxxxxxxxxxx>
Date:	Thu, 26 Apr 2001 14:57:03 +0100

Hi 

Im using the latest piranha package from the experimental area.

Running RH 7.1 upgraded kernel 2.4.3 source patched ipvs-0.2.11

I have 2 load balancers and 8 real servers

There are 5 virtual servers all servered from the 8 real servers

The primary load balancer has one static ip 212.161.72.2(eth0) and
5 floating ips 212.161.72.70/75/76/77/75

The other static ip is 192.168.0.2(eth1) and 192.168.0.5 is the 
floating default route for the 8 reals.

The load balancers seem to work fine detecting a fail and switching
roles.

The problem is getting a response back through the load balancers.
The real servers can get through fine when access the wed, but the
getting
a response back when rewuesting one of the virtual servers wont work!

Im pretty sure its an IPTables problem. Ive tried several solution but 
none seem to work.

Here is my current attempt


/usr/local/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.70 -d
0.0.0.0/0 -j SNAT --to-source 212.161.72.2
/usr/local/sbin/iptables -t nat -I POSTROUTING -s 192.168.0.90 -d
0.0.0.0/0 -j SNAT --to-source 212.161.72.2
/usr/local/sbin/iptables -t nat -I POSTROUTING -s 192.168.0.100 -d
0.0.0.0/0 -j SNAT --to-source 212.161.72.70
                                                        and 101/102 etc
/usr/local/sbin/iptables -t nat -I POSTROUTING -s 192.168.0.110 -d
0.0.0.0/0 -j SNAT --to-source 212.161.72.75
                                                        and 111/112 etc
/usr/local/sbin/iptables -t nat -I POSTROUTING -s 192.168.0.120 -d
0.0.0.0/0 -j SNAT --to-source 212.161.72.76
                                                        and 121/122 etc
/usr/local/sbin/iptables -t nat -I POSTROUTING -s 192.168.0.130 -d
0.0.0.0/0 -j SNAT --to-source 212.161.72.77
                                                        and 131/132 etc
/usr/local/sbin/iptables -t nat -I POSTROUTING -s 192.168.0.140 -d
0.0.0.0/0 -j SNAT --to-source 212.161.72.78
                                                        and 141/142 etc

ive also tried

/usr/local/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d
0.0.0.0/0 -j SNAT --to-source 212.161.72.2

and

/usr/local/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d
0.0.0.0/0 -j MASQUERADE

ive read something about fwmark but i dont have a clue what it is

The output of ipvsadm -Lcn is :-
IPVS connection entries
pro expire   state       source            virtual           destination
TCP 00:56.03 SYN_RECV    212.161.72.12:1437 212.161.72.70:80 
192.168.0.101:80

Any advice?

Stuart Fox

PS can I up the expirt time to 30 mins?

stuart.vcf
Description: Card for Stuart Fox

<Prev in Thread]	Current Thread	[Next in Thread>
ipchains -> iptables, Stuart Fox <= Re: ipchains -> iptables, Joseph Mack Re: ipchains -> iptables, Stuart Fox Re: ipchains -> iptables, Lars Marowsky-Bree Re: ipchains -> iptables, Joseph Mack

Previous by Date:	Re: Today on Slashdot: anandtech uses LVS, Joseph Mack
Next by Date:	Re: ipchains -> iptables, Joseph Mack
Previous by Thread:	debian/, Ard van Breemen
Next by Thread:	Re: ipchains -> iptables, Joseph Mack
Indexes:	[Date] [Thread] [Top] [All Lists]