Problem Routing SSH

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Problem Routing SSH
From: deley@xxxxxxxxxx
Date: Thu, 23 Feb 2006 11:51:14 -0500
I am trying to route SSH with LVS. We are currently routing telnet, but 
when I add the information to route ssh the sessions are being dropped. 
When we initially set up the telnet routing, we had a contractor do the 
work. Now my boss has tasked me with setting up the ssh routing, and 
since I'm new to Linux all I have is the documentation from the 
contractor and the Internet.
 
When I run the "ipvsadm" command it shows all connections in 
the "InActConn" column.
 
Here is the Current LVS Routing Table:
 
IP Virtual Server version 1.0.8 (size=65536)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.22.2.34:ssh wlc persistent 7200
  -> 172.22.2.31:ssh Route   1      0          1         
  -> 172.22.2.32:ssh Route   1      0          0         
TCP  172.22.2.34:telnet wlc persistent 7200
  -> 172.22.2.31:telnet Route   1      1          0         
  -> 172.22.2.32:telnet Route   1      0          0         

Here is the Current LVS Processes:
 
root 2391 0.0 0.0 1696 68 ? S Feb21 0:00 lvs
root 2394 0.0 0.0 2092 624 ? S Feb21 0:00 /usr/sbin/nanny -c -h 172.22.2.31 -p 23 -e /etc/telnet.sh %h -x OK -a 15 -I /sbin/ipvsadm -t 6 -w 1 -V 172.22.2.34 -M g -U none --lvs
root 2395 0.0 0.0 2084 624 ? S Feb21 0:00 /usr/sbin/nanny -c -h 172.22.2.32 -p 23 -e /etc/telnet.sh %h -x OK -a 15 -I /sbin/ipvsadm -t 6 -w 1 -V 172.22.2.34 -M g -U none --lvs
root 2397 0.0 0.0 1740 192 ? S Feb21 0:00 /usr/sbin/nanny -c -h 172.22.2.31 -p 22 -a 15 -I /sbin/ipvsadm -t 6 -w 1 -V 172.22.2.34 -M g -U none --lvs
root 2398 0.0 0.0 1748 192 ? S Feb21 0:00 /usr/sbin/nanny -c -h 172.22.2.32 -p 22 -a 15 -I /sbin/ipvsadm -t 6 -w 1 -V 172.22.2.34 -M g -U none --lvs

Here is the status of "iptables":
 
Table: mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
MARK       tcp  --  anywhere             172.22.2.0/24      tcp dpt:telnet MARK set 0x17
MARK       tcp  --  anywhere             172.22.2.0/24      tcp dpt:ssh MARK set 0x16
 
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
 
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
 
Any suggestions on what I'm doing wrong?
 
Thank you,
 
David Eley
LAN Administrator
