LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: LVS-NAT or direct routing or...?

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: LVS-NAT or direct routing or...?
From: "Kristoffer Egefelt" <dr.fersken@xxxxxxxxx>
Date: Mon, 22 May 2006 16:05:48 +0200
I think the problem is, that the realserver doesn't answer an incomming
connection so it uses the primary ip address of the loadbalancer as source.

From the how-to:
4.10.1. So make the VIP the primary IP on the outside of the director

Wayne *wayne (at) compute-aid (dot) com* 26 Apr 2000

Any web server behind the LVS box use LVS-NAT can initiate communication to
the Internet. However, it is not using the farm IP address, rather it is
using the masquerading IP address -- the actual IP address of the interface.
Is there easy way to let the server in NAT mode to go out as the farm IP
address?

Lars

No. This is a limitation in the 2.2 masquerading code. It will always use
the first address on the interface.

We tried and it works! We put VIP on eth0, and RIP on eth0:1 in NAT mode and
it works fine. Just need to figure out how to do it during reboot, since
this is done by playing with ifconfigure command. Once we swap them around,
the going out IP address is the VIP address. But if LVS box reboot, you just
have to redo it again.

As I see it it's not possible to have multiple realservers initating
connections with different source ip's? Or..?

Does anybody have a solution for this?
Thanks!

/Kristoffer


On 5/19/06, Joseph Mack NA3T <jmack@xxxxxxxx> wrote:

On Thu, 18 May 2006, Kristoffer Egefelt wrote:

> Thanks for your reply, but this is exactly the problem.
> The reply don't come from the VIP, it comes from the
> loadbalancers primary ipaddress.

apologies - I misread your original posting.

> Setup:
> 1 debian 2.6 w. iptables -  LVS-NAT with 1 public and 1 private
interface.
> 2 mailservers.
>
> It's like this:
> Loadbalancer ip - 10.10.10.1
> VIP - 10.10.10.2
> Mailserver ip - 192.168.0.10
>
> Mails from 192.168.0.10 originates from 10.10.10.1, I would like them to
> originate from 10.10.10.2...

This shouldn't happen. Do you have any iptables rules,
packet munging of any sort, installed? If so try it without
the rules.

Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users


<Prev in Thread] Current Thread [Next in Thread>