LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

[lvs-users] VS NAT Director as VS TUN real sever at same time

from [Carlos Torres] [Permanent Link]
To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: [lvs-users] VS NAT Director as VS TUN real sever at same time
From: "Carlos Torres" <carlos@xxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 22 Apr 2008 21:19:51 -0400 
Hi...

I am trying to configure VS as balancer director combining NAT and TUN..... 
but, I have problems with the NAT and Tunneling over the same box





                                 W.W.W-------------> 66.177.181.12 (eth0) 
10.0.0.1(eth1) -----------> Farm (10.0.0.2, 10.0.0.3, 10.0.0.4)
                                                                             
VIP1                                              NAT (ipvsadm -a -t 
66.177.181.12:5050 -r 10.0.0.2:5050 -m -w 100)... (0.3, 0.4)
                                                                             
   |
                                                                             
   | TUN (ipvsadm -a -t 66.177.181.12:5050 -r 122.231.45.31:5050 -i -w 100)
                                                                             
   |
                                                                             
  V
                                                                      
122.231.45.31(eth0) 
10.0.0.1(eth1) -----------> Farm (10.0.0.2, 10.0.0.3, 10.0.0.4)
                                                                             
VIP2                                              NAT (ipvsadm -a -t 
122.231.45.31:5050 -r 10.0.0.2:5050 -m -w 100)... (0.3, 0.4)

My problem are in VIP2, because, I can see the connections shipped by VIP1, 
but the internal round robin (rr -m) not work. I think that the problem is 
with the iptables...
I have enable the ports and the IPs, but with the iptable NAT I am not 
sure... the next is my iptables script in VIP2

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "1" > /proc/sys/net/ipv4/conf/all/arp_announce
.......
$IPTABLES -t filter -A FORWARD -p TCP --dport 5050 -j ACCEPT (this is enough 
to make that works, but that not happend)
....
$IPTABLES -t filter -A INPUT      -p TCP                          --dport 
5050 -j ACCEPT
$IPTABLES -t filter -A FORWARD    -p TCP                    --dport 5050 -j 
ACCEPT
$IPTABLES -t nat    -A PREROUTING -p TCP -d 66.177.181.12  --dport 5050 -j 
DNAT   --to-destination 122.231.45.31:5050 (I send again the connection to 
the VIP of load
                                                                             
                                                                             
                                                   balancer (rr) with nating 
(-m))

I'll appreciate all the help that any of you could give me.

Thanks

Carlos
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [lvs-users] LVS DR dropping the FIN packets, Joseph Mack NA3T
Next by Date:  Re: [lvs-users] VS NAT Director as VS TUN real sever at same time, Joseph Mack NA3T
Previous by Thread:  [lvs-users] LVS DR dropping the FIN packets, Thomas Pedoussaut
Next by Thread:  Re: [lvs-users] VS NAT Director as VS TUN real sever at same time, Joseph Mack NA3T
Indexes:  [Date] [Thread] [Top] [All Lists]