Re: lvs nat problem

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: lvs nat problem
From: Draschl Clemens <clemens.draschl@xxxxxxxxxxxxxx>
Date: Mon, 20 Aug 2001 16:11:47 +0200
hi!

seems that you didn't read the howto carefully enough ;-)
the vip and the director-inside_ip are in the same network. the point
is, that the 255.255.255.0-network sees the .128-network, but not vice
versa. and, why do you nat public to public ip's? if you want that, use
direct routing. if you don't give the real-servers private ip's like
192.168.1.0 (like in the howto) the script is doing the rest of the
work, like adding routes and ipchains.

to your problem: the script does a traceroute to the client for the
2-hop-test. as the client is in the same subnet (the .128-mask doesn't
really make a big problem for this) the client is only one hop away.
that's the reason, why it fails. so use one public ip for the vip of the
director, and private ip's for the real-servers. just change the script
and everything will run fine

hope it helps
clemens

malalon@xxxxxxxxxxxxxx wrote:
> 
> I have a problem with setting LVS_NAT on my net. I'm
> working on it for about one week, I read the how_to and
> still can't do that. Can anyone help me?
> 
> Thanx,
> Pawel Osko
> posko@xxxxxxxxxxxxxx
> malalon@xxxxxxxxxxxxx
> 
> What I have:
> 
> 12 PCs LAN:
> 
> IPs: 194.29.167.60 ... 72
> GW:  194.29.167.126
> Mask:255.255.255.128
> 
> Every PC has 2.2.19 kernel patched with ipvs-1.08-2.2.19.
> 
> What I want:
> 
> One LVS-NAT director on 194.29.167.69 and several realservers.
> 
> My lvs_nat.conf (for one realserver)
> 
> #Client IP:       194.29.167.126
> #Director IP:     194.29.167.69
> #Real-Server IP:  194.29.167.67
> #VIP:             194.29.167.80
> #Subnet:          255.255.255.128
> #Gateway:         194.29.167.126
> 
> LVS_TYPE=VS_NAT
> INITIAL_STATE=on
> VIP=eth0:110 194.29.167.80 255.255.255.0 194.29.167.80
> DIRECTOR_INSIDEIP=eth0 194.29.167.69 255.255.255.128 194.29.167.127
> SERVER_DEFAULT_GW=194.29.167.126
> SERVICE=t telnet rr 194.29.167.67:telnet
> SERVER_NET_DEVICE=eth0
> 
> PROBLEM
> 
> ./rc.lvs on realserver generates:
> 
> looking for standard utilities
> $IPCHAINS=/sbin/ipchains
> $PING=/bin/ping -c 1
> $IFCONFIG=/sbin/ifconfig
> $NETSTAT=/bin/netstat
> $ROUTE=/sbin/route
> $AWK=/usr/bin/awk
> $AWK=/bin/awk
> fping not found, using ping instead
> $FPING=/bin/ping -c 1
> done
> 
> 
> changing default gw to 194.29.167.69
> showing routing table
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 194.29.167.67   0.0.0.0         255.255.255.255 UH        0 0          0 eth0
> 194.29.167.0    0.0.0.0         255.255.255.128 U         0 0          0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
> 0.0.0.0         194.29.167.69   0.0.0.0         UG        0 0          0 eth0
> 
> checking if DEFAULT_GW 194.29.167.69 is reachable - PING 194.29.167.69 
> (194.29.167.69) from 194.29.167.67 : 56(84) bytes of data.64 bytes from 
> 194.29.167.69: icmp_seq=0 ttl=255 time=1.3 ms--- 194.29.167.69 ping 
> statistics ---1 packets transmitted, 1 packets received, 0% packet 
> lossround-trip min/avg/max = 1.3/1.3/1.3 ms, good
> LVS realserver type vs-nat
> 
> 
> looking for DIIP 194.29.167.69
> PING 194.29.167.69 (194.29.167.69) from 194.29.167.67 : 56(84) bytes of data.
> 64 bytes from 194.29.167.69: icmp_seq=0 ttl=255 time=0.7 ms
> 
> --- 194.29.167.69 ping statistics ---
> 1 packets transmitted, 1 packets received, 0% packet loss
> round-trip min/avg/max = 0.7/0.7/0.7 ms
> found, good
> not local, good
> 
> looking for VIP on director from realserver
> director is accepting packets on network device eth0:110
> VIP not on real-server at this stage
> VIP will be on director
> pinging VIP
> PING 194.29.167.80 (194.29.167.80) from 194.29.167.67 : 56(84) bytes of data.
> 64 bytes from 194.29.167.80: icmp_seq=0 ttl=255 time=1.4 ms
> 
> --- 194.29.167.80 ping statistics ---
> 1 packets transmitted, 1 packets received, 0% packet loss
> round-trip min/avg/max = 1.4/1.4/1.4 ms
> 194.29.167.80 found, good. It's not on this real-server, assume it's on the 
> director.
> 
> checking default routing for vs-nat realserver
> packets to director's default gw should go through director.
> (this test will return quickly if the routing is wrong for VS-NAT,)
> (will return in about 2 secs if setup correctly,)
> (and will hang if the routing is deranged.)
> Is director's default gw 2 hops away and is director one hop away on the path 
> to the director's gw?
> error: the path to the director's default gw does not go through the director.
> hops to director's gw       0
> hops to director
> this vs-nat LVS will not work.
> you can fix this by changing the IP's, networks and routing of the LVS.
> 1. the network for the realservers must be private.
> 2. the default gw for the realservers must be the director.
> 3. a route to the director is not good enough, it won't work, the director 
> must be the default gw.
> 4. the realservers must not have any other routes to the client.
> (Some routing problems are fixed by rerunning the script.)
> 
> To help debug the problem, here's the output of netstat -rn
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 194.29.167.67   0.0.0.0         255.255.255.255 UH        0 0          0 eth0
> 194.29.167.0    0.0.0.0         255.255.255.128 U         0 0          0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
> 0.0.0.0         194.29.167.69   0.0.0.0         UG        0 0          0 eth0
> 
> 


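The addressing problem discussed in this thread, as an added example that is not part of the original messages or of the LVS configure script: a Python check over the posted lvs_nat.conf values that reports why realserver replies will not pass back through the director. The function names, the field order assumed by the parser, and the `FIXED_CONF` addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed from the lvs_nat.conf lines quoted in the thread.
POSTED_CONF = """\
VIP=eth0:110 194.29.167.80 255.255.255.0 194.29.167.80
DIRECTOR_INSIDEIP=eth0 194.29.167.69 255.255.255.128 194.29.167.127
SERVICE=t telnet rr 194.29.167.67:telnet
"""
# Constructed corrected layout: public VIP, private realserver network.
FIXED_CONF = """\
VIP=eth0:110 194.29.167.80 255.255.255.128 194.29.167.127
DIRECTOR_INSIDEIP=eth1 192.168.1.1 255.255.255.0 192.168.1.255
SERVICE=t telnet rr 192.168.1.2:telnet
"""

def parse_conf(text):
    """Parse KEY=value lines; assumes the field order seen in the post."""
    conf = {"realservers": []}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        fields = value.split()
        if key in ("VIP", "DIRECTOR_INSIDEIP"):
            # fields: device, address, netmask, broadcast
            conf[key] = ipaddress.ip_interface(f"{fields[1]}/{fields[2]}")
        elif key == "SERVICE":
            # fields: protocol, service, scheduler, then realserver:port entries
            for target in fields[3:]:
                conf["realservers"].append(ipaddress.ip_address(target.split(":")[0]))
    return conf

def check_vs_nat(conf, client_ip):
    """Return the findings that break VS-NAT return routing."""
    findings = []
    inside = conf["DIRECTOR_INSIDEIP"].network
    if conf["VIP"].ip in inside:
        findings.append("VIP is in the director's inside network")
    if ipaddress.ip_address(client_ip) in inside:
        findings.append("client is one hop from the realservers, replies bypass the director")
    for rs in conf["realservers"]:
        if not rs.is_private:
            findings.append(f"realserver {rs} is not on a private network")
        if rs not in inside:
            findings.append(f"realserver {rs} is not on the director's inside network")
    return findings

if __name__ == "__main__":
    print("\n".join(check_vs_nat(parse_conf(POSTED_CONF), "194.29.167.126")))
```
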