LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: ipvsadm problem

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: ipvsadm problem
From: "Billy Olson" <ntadmin@xxxxxxxxxxxx>
Date: Fri, 26 Mar 2004 09:54:22 -0800
Rafa Rodriguez Hernandez Wrote:


> I have my machine: 192.168.1.2 (this is the director, and his name is
dip-director)
> Have an alias un dip-director: eth0:0 192.168.1.8 (name vip-director)
> TCP  vip-director:telnet rr
>
> -> 192.168.1.3:telnet                   Masq         1               0
0
> -> 192.168.1.4:telnet                   Masq         1               0
0
> When I try to telnet vip-director (192.168.1.8) I see the connection in
"InActConn" , after several tries I see that InActConn increase in both real
servers (192.168.1.3 and 192.168.1.4)
> But, the request doesn't go out of vip-director. In resume, the request
arrives to director, but doesn't go to real servers.

I would recommend setting up the realservers on another network (ie
192.168.2.x netmask 255.255.255.0)
set the default gateway on the realservers to the director ip which should
be in the same network as the realservers (192.168.2.x)..  Routing on the
director should be setup so that it routes traffice coming out of the NAT
network to the rest of the network (192.168.1.x)...

Vip=192.168.1.x
|
Director- Default GW on director should be set to something on 192.168.1.x
network..
|
Dip=192.168.2.1-Default GW for Realservers
|
|________
|                |
|                Realserver 1
|                192.168.2.2
|
Realserver 2
192.168.2.3

NAT is designed to opperate on seperate networks, and this is how it is most
secure.

Hope this helps.
-Billy

<Prev in Thread] Current Thread [Next in Thread>