
Re: LVS-NAT connect to real server on single network NAT

To: ben.wilder@xxxxxxxxxxx, <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: LVS-NAT connect to real server on single network NAT
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Tue, 17 Oct 2006 05:45:58 -0700 (PDT)
On Tue, 17 Oct 2006, Ben Wilder wrote:

Hi all

Another problem if I may, relating to LVS-NAT (Single network)

OS is Fedora core 5 - kernel 2.6.15-1.2054_FC5 Ipvsadm version: 1.2.1

Network looks like the following (I am testing with one real server at the
moment)

[CIP]192.168.0.100 --> [eth0:1 VIP]192.168.0.2 (Director)[eth0 DIP]

aliases have been deprecated since the introduction of the 2.4.x kernel series. They may work, they may not. You can't rely on them working.

192.168.0.1 --> [eth0 RIP]192.168.0.21

I have set things up in the following way (all machines are located on the
same switch at the moment)

Director:
1 NIC
Eth0 192.168.0.1
Eth0:1 192.168.0.2

Change net.ipv4.ip_forward = 1 in etc/sysctl.conf
Run: service iptables start
Run: iptables -Z
Run: iptables -F

Run: ipvsadm -A -t 192.168.0.2:80 -s wlc
Run: ipvsadm -a -t 192.168.0.2:80 -r 192.168.0.21:80 -m

Run: echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
Run: echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
Run: echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects

Real server:
1 NIC
Eth0 192.168.0.21
Run: route del -net 192.168.0.0 netmask 255.255.255.0 dev eth0



Behaviour:

When I attempt to retrieve a web page from the virtual IP, everything works
fine, however as mentioned in the how-to
(http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html#one_network)
I should be able to connect directly to the services on the real
servers that are not being balanced by LVS, this is the problem! Once I have
removed that 192.168.0.0 route,

which 192.168.0.0 route?

why do you have to remove it?

I cannot connect directly to the real
servers for ssh / sftp etc. In this example I am attempting to connect from
[CIP]192.168.0.100 to [RIP]192.168.0.21 with ssh.

Tcpdump on [RIP]192.168.0.21 using: tcpdump host 192.168.0.21 shows nothing
as I attempt to ssh in.

Should I be modifying the routing table to allow a 192.168.0.x client to
connect directly to the real server?

apparently yes.

Joe
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
