
Re: [lvs-users] ldirecctord problem on slave node (Malcolm Turnbull)

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [lvs-users] ldirecctord problem on slave node (Malcolm Turnbull)
From: "Tears !" <unix.co@xxxxxxxxx>
Date: Wed, 17 Sep 2008 22:45:05 +0500
Dear Malcolm!

Thanks for your reply.

It works.

Regards,

Umar

On Wed, Sep 17, 2008 at 10:23 PM, <lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx> wrote:

> Today's Topics:
>
>   1. Re:  LVS + Xen + NAT (Josh Mullis)
>   2. Re:  LVS + Xen + NAT (Graeme Fowler)
>   3.  ldirecctord problem on slave node (Tears !)
>   4. Re:  ldirecctord problem on slave node (Malcolm Turnbull)
>   5. Re:  LVS + Xen + NAT (Josh Mullis)
>   6. Re:  LVS + Xen + NAT (Laurentiu C. Badea (L.C.))
>   7. Re:  LVS + Xen + NAT (Josh Mullis)
>
>
> ---------- Forwarded message ----------
> From: Josh Mullis <josh.mullis@xxxxxxx>
> To: "LinuxVirtualServer.org users mailing list." <
> lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
> Date: Wed, 17 Sep 2008 11:05:26 -0400
> Subject: Re: [lvs-users] LVS + Xen + NAT
> This is a very basic setup.
>
> Thought maybe this award-winning diagram would help clear up any
> confusion.
> _____________
> | 10.0.0.5 client |
> ------------------
>      |
>      |    <---DNS request to 10.0.0.80
>  __|___________________
> |   10.0.0.80  eth0                 | <---
> |              |                                    |       |
> |              |                                    |       |    Xen
> |   192.168.122.1   NAT GW   |  <--|-PHYSICAL BOX
> |              |                                    |       |      (Set
> to forward traffic on
> |              |                                    |       |
> 10.0.0.8:53 to 192.168.122.10:53 )
> |              |                                    |       |
> |   192.168.122.10  VM eth0 | <---|
> -------------------------
>
>
> It seems as if I'm only missing a setting or two.
> The traffic still gets to the vm, but just can't seem to make it back
> out through the NAT.
>
> Anyone?
>
>
>
>
>
>
> On Fri, 2008-09-12 at 16:17 -0400, Josh Mullis wrote:
> > MY SETUP:
> >
> > - 1 physical server running as Xen Dom0 (Director)
> >         -LAN ip: 10.0.0.80
> >         -NAT ip: 192.168.122.1
> >                 -Natting is setup through default xen network scripts
> >
> >         -ipvsadm -A -t 10.0.0.80:53 -s rr
> >         -ipvsadm -a -t 10.0.0.80:53 -r 192.168.122.10:53 -m
> >         -ipvsadm -A -u 10.0.0.80:53 -s rr
> >         -ipvsadm -a -u 10.0.0.80:53 -r 192.168.122.10:53 -m
> >
> >
> > - 1 domU (realserver) on this box (Will add others in the future)
> >         -ip: 192.168.122.10
> >         -gw: 192.168.122.1
> >         -running BIND
> >
> >
> > MY PROBLEM:
> >
> > From a host on the 10.0.0.0 network, I can do a dig @10.0.0.80 and do
> > not get a response.
> > I do however see the traffic on the 192.168.122.10 virtual machine
> > from
> > this host on the 10.0.0.0.
> >
> >
> > Any help is appreciated.
> >
> > Thanks
> > -Josh
> >
> >
> >
> >
> >
> > _______________________________________________
> > LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> >
> >
>
>
>
>
> ---------- Forwarded message ----------
> From: Graeme Fowler <graeme@xxxxxxxxxxx>
> To: "LinuxVirtualServer.org users mailing list." <
> lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
> Date: Wed, 17 Sep 2008 16:17:08 +0100
> Subject: Re: [lvs-users] LVS + Xen + NAT
> On Wed, 2008-09-17 at 11:05 -0400, Josh Mullis wrote:
> > This is a very basic setup.
>
> ...ok...
>
> > Thought maybe this award -winning diagram would help clear up any
> > confusion.
>
> Post-modern, more like. The formatting went pop in transit :)
>
> Simple question: does the realserver (the VM, 192.168.122.10) have a
> route direct back to the 10.0.0.0/whatever network?
>
> More specific routes will override the default, so having a direct route
> means the traffic will not necessarily traverse the director and will
> therefore not be un-NATted on the way back.
>
> Is there some sort of virtual ethernet bridge affecting it with both
> network segments on the same "virtual cable"?
>
> Graeme
>
>
>
>
>
> ---------- Forwarded message ----------
> From: "Tears !" <unix.co@xxxxxxxxx>
> To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Date: Wed, 17 Sep 2008 21:27:17 +0500
> Subject: [lvs-users] ldirecctord problem on slave node
> Dear Members!
>
> ldirectord is not working on secondary node whenever primary node is
> unavailable.
>
> Here is the heartbeat log on secondary node.
>
> heartbeat[21555]: 2008/09/17_21:04:42 info: Received shutdown notice from
> 'node1'.
> heartbeat[21555]: 2008/09/17_21:04:42 info: Resources being acquired from
> node1.
> heartbeat[22828]: 2008/09/17_21:04:42 info: acquire local HA resources
> (standby).
> heartbeat[22828]: 2008/09/17_21:04:42 info: local HA resource acquisition
> completed (standby).
> heartbeat[22829]: 2008/09/17_21:04:42 info: No local resources
> [/usr/share/heartbeat/ResourceManager listkeys tears] to acquire.
> heartbeat[21555]: 2008/09/17_21:04:42 info: Standby resource acquisition
> done [foreign].
> harc[22854]:    2008/09/17_21:04:42 info: Running /etc/ha.d/rc.d/status
> status
> mach_down[22869]:       2008/09/17_21:04:42 info: Taking over resource
> group
> 192.168.2.25/24/eth0
> ResourceManager[22894]:
> 2008/09/17_21:04:42 info: Acquiring resource group:
> node1 192.168.2.25/24/eth0 ldirectord
> IPaddr[22920]:  2008/09/17_21:04:43 INFO:  Resource is
> stopped
> ResourceManager[22894]: 2008/09/17_21:04:43 info: Running
> /etc/ha.d/resource.d/IPaddr 192.168.2.25/24/eth0 start
> IPaddr[23017]:  2008/09/17_21:04:43 INFO: Using calculated netmask for
> 192.168.2.25: 255.255.255.0
> IPaddr[23017]:  2008/09/17_21:04:43 INFO: eval ifconfig eth0:0
> 192.168.2.25netmask
> 255.255.255.0 broadcast 192.168.2.255
> IPaddr[22988]:  2008/09/17_21:04:43 INFO:
> Success
>
> ResourceManager[22894]: 2008/09/17_21:04:43 info: Running
> /etc/ha.d/resource.d/ldirectord  start
> ResourceManager[22894]: 2008/09/17_21:04:43 ERROR: Return code 2 from
> /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:43 CRIT: Giving up resources due
> to
> failure of ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:43 info: Releasing resource group:
> node1 192.168.2.25/24/eth0 ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:43 info: Running
> /etc/ha.d/resource.d/ldirectord  stop
> ResourceManager[22894]: 2008/09/17_21:04:43 ERROR: Return code 2 from
> /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:44 info: Retrying failed stop
> operation [ldirectord]
> ResourceManager[22894]: 2008/09/17_21:04:44 info: Running
> /etc/ha.d/resource.d/ldirectord  stop
> ResourceManager[22894]: 2008/09/17_21:04:44 ERROR: Return code 2 from
> /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:45 info: Retrying failed stop
> operation [ldirectord]
> ResourceManager[22894]: 2008/09/17_21:04:45 info: Running
> /etc/ha.d/resource.d/ldirectord  stop
> ResourceManager[22894]: 2008/09/17_21:04:45 ERROR: Return code 2 from
> /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:46 info: Retrying failed stop
> operation [ldirectord]
> ResourceManager[22894]: 2008/09/17_21:04:46 info: Running
> /etc/ha.d/resource.d/ldirectord  stop
> ResourceManager[22894]: 2008/09/17_21:04:46 ERROR: Return code 2 from
> /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:47 info: Retrying failed stop
> operation [ldirectord]
> ResourceManager[22894]: 2008/09/17_21:04:47 info: Running
> /etc/ha.d/resource.d/ldirectord  stop
> ResourceManager[22894]: 2008/09/17_21:04:47 ERROR: Return code 2 from
> /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:48 info: Retrying failed stop
> operation [ldirectord]
> ResourceManager[22894]: 2008/09/17_21:04:48 info: Running
> /etc/ha.d/resource.d/ldirectord  stop
> ResourceManager[22894]: 2008/09/17_21:04:48 ERROR: Return code 2 from
> /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:50 info: Retrying failed stop
> operation [ldirectord]
> ResourceManager[22894]: 2008/09/17_21:04:50 info: Running
> /etc/ha.d/resource.d/ldirectord  stop
> ResourceManager[22894]: 2008/09/17_21:04:50 ERROR: Return code 2 from
> /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:51 info: Retrying failed stop
> operation [ldirectord]
> ResourceManager[22894]: 2008/09/17_21:04:51 info: Running
> /etc/ha.d/resource.d/ldirectord  stop
> ResourceManager[22894]: 2008/09/17_21:04:51 ERROR: Return code 2 from
> /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:52 info: Retrying failed stop
> operation [ldirectord]
> ResourceManager[22894]: 2008/09/17_21:04:52 info: Running
> /etc/ha.d/resource.d/ldirectord  stop
> ResourceManager[22894]: 2008/09/17_21:04:52 ERROR: Return code 2 from
> /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:53 info: Retrying failed stop
> operation [ldirectord]
> ResourceManager[22894]: 2008/09/17_21:04:53 info: Running
> /etc/ha.d/resource.d/ldirectord  stop
> ResourceManager[22894]: 2008/09/17_21:04:53 ERROR: Return code 2 from
> /etc/ha.d/resource.d/ldirectord
> heartbeat[21555]: 2008/09/17_21:04:54 WARN: node node1: is dead
> heartbeat[21555]: 2008/09/17_21:04:54 info: Dead node node1 gave up
> resources.
> heartbeat[21555]: 2008/09/17_21:04:54 info: Link node1:eth0 dead.
> ResourceManager[22894]: 2008/09/17_21:04:54 info: Retrying failed stop
> operation [ldirectord]
> ResourceManager[22894]: 2008/09/17_21:04:54 info: Running
> /etc/ha.d/resource.d/ldirectord  stop
> ResourceManager[22894]: 2008/09/17_21:04:54 ERROR: Return code 2 from
> /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:54 ERROR: Resource script for
> ldirectord probably not LSB-compliant.
> ResourceManager[22894]: 2008/09/17_21:04:54 WARN: it (ldirectord) MUST
> succeed on a stop when already stopped
> ResourceManager[22894]: 2008/09/17_21:04:54 WARN: Machine reboot narrowly
> avoided!
> ResourceManager[22894]: 2008/09/17_21:04:54 info: Running
> /etc/ha.d/resource.d/IPaddr 192.168.2.25/24/eth0 stop
> IPaddr[23503]:  2008/09/17_21:04:54 INFO: ifconfig eth0:0 down
> IPaddr[23474]:  2008/09/17_21:04:54 INFO:  Success
> mach_down[22869]:       2008/09/17_21:04:54 info:
> /usr/share/heartbeat/mach_down: nice_failback: foreign resources acquired
> mach_down[22869]:       2008/09/17_21:04:54 info: mach_down takeover
> complete for node node1.
> heartbeat[21555]: 2008/09/17_21:04:54 info: mach_down takeover complete.
>
> Regards,
>
> Umar
>
>
>
> ---------- Forwarded message ----------
> From: "Malcolm Turnbull" <malcolm@xxxxxxxxxxxxxxxx>
> To: "LinuxVirtualServer.org users mailing list." <
> lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
> Date: Wed, 17 Sep 2008 17:33:35 +0100
> Subject: Re: [lvs-users] ldirecctord problem on slave node
> I assume that your ldirectord config file is invalid? (on the slave)
>
> ResourceManager[22894]: 2008/09/17_21:04:43 ERROR: Return code 2 from
> /etc/ha.d/resource.d/
> ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:43 CRIT: Giving up resources due
> to
> failure of ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:43 info: Releasing resource group:
> node1 192.168.2.25/24/eth0 ldirectord
> ResourceManager[22894]: 2008/09/17_21:
>
>
>
>
>
>
>
> --
> Regards,
>
> Malcolm Turnbull.
>
> Loadbalancer.org Ltd.
> Phone: +44 (0)870 443 8779
> http://www.loadbalancer.org/
>
>
>
>
> ---------- Forwarded message ----------
> From: Josh Mullis <josh.mullis@xxxxxxx>
> To: "LinuxVirtualServer.org users mailing list." <
> lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
> Date: Wed, 17 Sep 2008 12:34:58 -0400
> Subject: Re: [lvs-users] LVS + Xen + NAT
>
> Yea...  sorry about the diagram.
>
> Only has def gateway of 192.168.122.1, which knows how to get to
> 10.0.0.0 .
>
> Tried the direct route anyway, but did not help.
> "route add 10.0.0.0 gw 192.168.122.1"
>
> I can do a dig from the physical server OS to the 192.168.122.10 vm,
> which is going through the bridge.
> This works perfect.
>
>
>
>
>
>
>
> ---------- Forwarded message ----------
> From: "Laurentiu C. Badea (L.C.)" <lc@xxxxxxxx>
> To: "LinuxVirtualServer.org users mailing list." <
> lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
> Date: Wed, 17 Sep 2008 09:59:27 -0700
> Subject: Re: [lvs-users] LVS + Xen + NAT
>
> Graeme Fowler wrote:
>
> > Simple question: does the realserver (the VM, 192.168.122.10) have a
> > route direct back to the 10.0.0.0/whatever network?
> >
> >
> Xen creates a virtual bridge and adds a few iptables rules to control
> access and do NAT for its clients, while the host domain becomes their
> gateway. So you have the LVS setup sitting on top of a NAT router.
>
> I would take a look at the iptables setup and check the packet counters
> during a query, especially on reject rules. Then try to insert rules to make
> it work and make sure the ruleset is maintained across reboots (Xen
> dynamically inserts rules when the bridges are brought up).
>
> --
> Laurentiu
>
>
>
>
> ---------- Forwarded message ----------
> From: Josh Mullis <josh.mullis@xxxxxxx>
> To: "LinuxVirtualServer.org users mailing list." <
> lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
> Date: Wed, 17 Sep 2008 13:22:23 -0400
> Subject: Re: [lvs-users] LVS + Xen + NAT
> I actually expected to see some different rules than what I have.
> Not sure what I need to add.
>
> Here are my current tables.
> (Spaces replaced with -'s for formatting)
>
> iptables -L
>
> Chain-INPUT(policyACCEPT)
> target-prot-opt-source-destination
> ACCEPT-udp--anywhere-anywhere-udp dpt:domain
> ACCEPT-tcp--anywhere-anywhere-tcp dpt:domain
> ACCEPT-udp--anywhere-anywhere-udp dpt:bootps
> ACCEPT-tcp--anywhere-anywhere-tcp dpt:bootps
>
> Chain-FORWARD(policyACCEPT)
> target-prot-opt-source-destination
> ACCEPT-all--anywhere-192.168.122.0/24-state-RELATED,ESTABLISHED
> ACCEPT-all--192.168.122.0/24-anywhere
> ACCEPT-all--anywhere-anywhere
> REJECT-all--anywhere-anywhere-reject-with icmp-port-unreachable
> REJECT-all--anywhere-anywhere-reject-with icmp-port-unreachable
> ACCEPT-all--192.168.122.10-anywhere-PHYSDEV-match--physdev-in vif2.0
> ACCEPT-udp--anywhere-anywhere-PHYSDEV-match--physdev-in-vif2.0-udp-spt:bootpc
> dpt:bootps
>
> Chain-OUTPUT-(policyACCEPT)
> target-prot-opt-source-destination
>
>
>
>
>
>
>
>
>
>
>


-- 
Umar Draz
Network Administrator
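
An added example (not part of the thread, and not code from the heartbeat or ldirectord projects): a small parser that pairs each `Return code` error in a heartbeat log with the start/stop action that produced it, then lists what the failed takeover above amounts to. The sample lines are constructed from the log quoted in the thread, abridged and with the mail line wrapping undone; `summarize` and `findings` are names chosen here.

```python
import re
from collections import Counter

# Constructed sample: entries taken from the log quoted in the thread,
# abridged, with the mail client's line wrapping undone.
SAMPLE_LOG = """\
ResourceManager[22894]: 2008/09/17_21:04:42 info: Acquiring resource group: node1 192.168.2.25/24/eth0 ldirectord
ResourceManager[22894]: 2008/09/17_21:04:43 info: Running /etc/ha.d/resource.d/IPaddr 192.168.2.25/24/eth0 start
IPaddr[22988]:  2008/09/17_21:04:43 INFO:  Success
ResourceManager[22894]: 2008/09/17_21:04:43 info: Running /etc/ha.d/resource.d/ldirectord  start
ResourceManager[22894]: 2008/09/17_21:04:43 ERROR: Return code 2 from /etc/ha.d/resource.d/ldirectord
ResourceManager[22894]: 2008/09/17_21:04:43 CRIT: Giving up resources due to failure of ldirectord
ResourceManager[22894]: 2008/09/17_21:04:43 info: Running /etc/ha.d/resource.d/ldirectord  stop
ResourceManager[22894]: 2008/09/17_21:04:43 ERROR: Return code 2 from /etc/ha.d/resource.d/ldirectord
ResourceManager[22894]: 2008/09/17_21:04:44 info: Retrying failed stop operation [ldirectord]
ResourceManager[22894]: 2008/09/17_21:04:44 info: Running /etc/ha.d/resource.d/ldirectord  stop
ResourceManager[22894]: 2008/09/17_21:04:44 ERROR: Return code 2 from /etc/ha.d/resource.d/ldirectord
ResourceManager[22894]: 2008/09/17_21:04:54 ERROR: Resource script for ldirectord probably not LSB-compliant.
ResourceManager[22894]: 2008/09/17_21:04:54 info: Running /etc/ha.d/resource.d/IPaddr 192.168.2.25/24/eth0 stop
IPaddr[23474]:  2008/09/17_21:04:54 INFO:  Success
"""

# "proc[pid]: timestamp level: message"
LINE = re.compile(r"^[\w.]+\[(?P<pid>\d+)\]:\s+\S+\s+\w+:\s+(?P<msg>.*)$")
RETCODE = re.compile(r"^Return code (\d+) from (\S+)$")
GIVE_UP = re.compile(r"^Giving up resources due to failure of (\S+)$")
NOT_LSB = re.compile(r"^Resource script for (\S+) probably not LSB-compliant\.$")

def summarize(log_text):
    """Attribute every 'Return code' error to the action that was just run."""
    last_action = {}  # (pid, script path) -> most recent action
    report = {"failures": Counter(), "gave_up": [], "not_lsb": [],
              "stop_retries": 0, "vip_released": False}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped or foreign line: ignore rather than guess
        pid, msg = m["pid"], m["msg"].strip()
        words = msg.split()
        if words[:1] == ["Running"] and len(words) >= 3:
            script, action = words[1], words[-1]
            last_action[(pid, script)] = action
            if script.endswith("/IPaddr") and action == "stop":
                report["vip_released"] = True
        elif (rc := RETCODE.match(msg)):
            action = last_action.get((pid, rc[2]), "unknown")
            name = rc[2].rsplit("/", 1)[-1]
            report["failures"][(name, action, int(rc[1]))] += 1
        elif (gu := GIVE_UP.match(msg)):
            report["gave_up"].append(gu[1])
        elif (nl := NOT_LSB.match(msg)):
            report["not_lsb"].append(nl[1])
        elif msg.startswith("Retrying failed stop operation"):
            report["stop_retries"] += 1
    return report

def findings(report):
    """Turn the counters into the points an operator would act on."""
    out = [f"{r}: start failed, heartbeat gave the resource group back"
           for r in report["gave_up"]]
    failed = {(res, act) for (res, act, _rc) in report["failures"]}
    for res in sorted({r for r, _ in failed}):
        if (res, "start") in failed and (res, "stop") in failed:
            out.append(f"{res}: fails on start and stop alike; "
                       "check the script's config on this node")
        if res in report["not_lsb"]:
            out.append(f"{res}: stop must exit 0 when already stopped "
                       f"({report['stop_retries']} retries logged)")
    if report["vip_released"]:
        out.append("IPaddr stop ran: the virtual IP was taken down on this node")
    return out

if __name__ == "__main__":
    print("\n".join(findings(summarize(SAMPLE_LOG))))
```
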