
Re: I need for setting up one to many ports

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: I need for setting up one to many ports
From: Horms <horms@xxxxxxxxxxxx>
Date: Fri, 4 Nov 2005 12:55:57 +0900
On Wed, Nov 02, 2005 at 02:45:05PM -0600, Brad Hudson wrote:
> On 11/1/05, Horms <horms@xxxxxxxxxxxx> wrote:
> >
> > On Tue, Nov 01, 2005 at 07:57:57AM -0600, Brad Hudson wrote:
> > > -----Original Message-----
> > > From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx
> > > [mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Horms
> > > Sent: Monday, October 31, 2005 9:27 PM
> > > To: LinuxVirtualServer.org users mailing list.
> > > Subject: Re: I need for setting up one to many ports
> > >
> > > On Mon, Oct 31, 2005 at 03:54:53PM -0600, Brad Hudson wrote:
> > > > I have a situation where I need to have a single $vip:$port be masked to
> > > > many ports on a backend server. Can someone help with this? Here is what I
> > > > thought would work, but didn't:
> > > > # $port = "XXXX";
> > > > # iptables -A PREROUTING -t mangle -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 --dport $port -j MASK --set-mask 1
> > > > # ipvsadm -A -f 1 -s nq -p 600
> > > > # ipvsadm -a -f 1 -r $backend_host -g -w 1
> >
> > [snip]
> >
> > > $cip = client ip
> > > $vip = virtual ip
> > > $vport = virtual port
> > > $node = real server
> > > * = any port
> > >
> > > Steps:
> > > 1. $cip -> $vip:$vport -> $node:* (client connects to the virtual ip and
> > > port and is routed to the real-server with persistence via whatever method
> > > the client used to connect <ssh, http, telnet, etc.>)
> > >
> > > 2. $node:* -> $vip:$vport -> $cip (real-server then accepts the connection
> > > <ssh, telnet, http, etc.> and does what it should then responds back through
> > > the virtual ip and port back to the client)
> > >
> > > Does this help?
> >
> > Yes, the setup you have above should do just that, though you might
> > want to tighten up the iptables rule slightly,
> >
> > iptables -A PREROUTING -t mangle -p tcp -d $vip -j MASK --set-mask 1
> 
> 
> This does not work, even with correct syntax (<MARK --set-mark>, my fault
> above). I must use the --dport option as I only have a single $vip and there
> are other $vports configured (http, and a few private ports).

In that case, I do not understand what you are trying to do.

-- 
Horms
