Re: LVS-NAT and multiple gateways on real servers

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: LVS-NAT and multiple gateways on real servers
From: Roberto Nibali <ratz@xxxxxxxxxxxx>
Date: Fri, 09 Jul 2004 00:02:05 +0200

Hi,

As you probably know, this is a routing issue.

Director
eth0    IP : 10.60.25.125       gateway=10.60.24.1
eth0:1 VIP : 10.60.25.131
eth1    IP : 192.168.1.101
eth1:1 VIP : 192.168.1.103

I didn't quite understand why you have two VIPs, but I reckon this is irrelevant for the problem.

Real Server 1
eth0    IP : 192.168.1.104      gateway=192.168.1.103

Why do you use the VIP as DGW?

eth1    IP : 10.60.25.127

Aren't you missing the VIP? Is it configured on lo? It should be on eth0 and ip_forward should be disabled.

Three approaches which should work for your RS routing setup:

a) subnet your 10.60.25.0/24?? net + create two routing realms
b) iptables fwmark + fwmark rule ---> new routing table
c) tc u32 classifier + fwmark rule ---> new routing table

Caveats for b) and c): you can't load balance ssh as a service.

I'm going to give you the example for b).

iptables -A PREROUTING -i eth0 -t mangle -p tcp ! --dport 22 \
         -j MARK --set-mark 1
ip rule add fwmark 1 table 100
ip route add default via 192.168.1.101 dev eth0 table 100

So, if my instinct works, this should work as follows:
10.60.25.x ----> VIP:service ----> LVS_NAT ----> RIPx
RIPx: service!=tcp/22 ----> 192.168.1.101
10.60.25.x ----> 10.60.25.127:22 ----> 10.60.25.x

Try it out, and next time report with tcpdump on all path interfaces for 1 connection attempt of each, ssh and service.

Best regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
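
Added example, not part of the original message: an offline check that the three pieces of approach b) agree with each other (the mark that is set, the fwmark rule that selects a table, and that table's default route). The function names are hypothetical and the sample dumps are constructed; mark 1, table 100 and gateway 192.168.1.101 are taken from the message.

```shell
# Added example: offline consistency check for approach b) above.
# Feed it text captured on the real server with:
#   iptables-save -t mangle; ip rule show; ip route show table 100
# The sample dumps at the bottom are constructed for illustration.

norm_mark() {  # 1, 0x1 or 0x1/0xffffffff -> decimal
    printf '%d\n' "${1%%/*}"
}

marks_set() {  # decimal marks set by MARK rules in a mangle dump
    printf '%s\n' "$1" | awk '/-j MARK/ { for (i = 1; i < NF; i++)
        if ($i == "--set-mark" || $i == "--set-xmark") print $(i+1) }' |
    while read -r m; do norm_mark "$m"; done
}

table_for_mark() {  # $1 decimal mark, $2 "ip rule show" text -> table
    printf '%s\n' "$2" | awk '{ mark = tbl = ""
        for (i = 1; i < NF; i++) {
            if ($i == "fwmark") mark = $(i+1)
            if ($i == "lookup") tbl = $(i+1) }
        if (mark != "" && tbl != "") print mark, tbl }' |
    while read -r m t; do
        if [ "$(norm_mark "$m")" = "$1" ]; then echo "$t"; break; fi
    done
}

# Return 0 only if every mark that is set has an fwmark rule and the
# selected table has a default route; print one line per problem.
check_policy() {  # $1 mangle dump, $2 rule dump, $3 routes of the table
    rc=0
    marks=$(marks_set "$1")
    [ -n "$marks" ] || { echo "no MARK rule in mangle dump"; return 1; }
    for mk in $marks; do
        tbl=$(table_for_mark "$mk" "$2")
        if [ -z "$tbl" ]; then
            echo "mark $mk: no matching 'ip rule ... fwmark' entry"; rc=1
        elif ! printf '%s\n' "$3" | grep -q '^default via '; then
            echo "mark $mk: table $tbl has no default route"; rc=1
        fi
    done
    return $rc
}

MANGLE='-A PREROUTING -i eth0 -p tcp -m tcp ! --dport 22 -j MARK --set-xmark 0x1/0xffffffff'
RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main'
ROUTES='default via 192.168.1.101 dev eth0'
check_policy "$MANGLE" "$RULES" "$ROUTES" && echo "policy routing is consistent"
```

The check only confirms that the configuration is internally consistent; the tcpdump capture on each path interface requested above is still what shows where packets actually go.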