
[lvs-users] LVS Setup

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: [lvs-users] LVS Setup
From: Don McGregor <mcgredo@xxxxxxx>
Date: Thu, 23 Apr 2009 17:28:29 -0700
I'm trying to use LVS in a NAT setup, with the realserver at 192.168.1.3.
HTTP is the service. A connection comes in to the LVS server, but when
iptables is running it hangs in a SYN_RECV state, not completing the
three-way handshake.

This is being caused by iptables; when I turn it off the connection is
established to the realserver.

I've got IP FORWARD turned on, but I'm not quite sure about the correct
recipe for iptables port forwarding here, and don't see an obvious answer
in the how-to.

Would someone care to enlighten me?

/etc/sysconfig/iptables on LVS:


# Generated by iptables-save v1.3.5 on Mon Apr 13 12:02:08 2009
*nat
:PREROUTING ACCEPT [58:9989]
:POSTROUTING ACCEPT [6:432]
:OUTPUT ACCEPT [6:432]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Apr 13 12:02:08 2009
# Generated by iptables-save v1.3.5 on Mon Apr 13 12:02:08 2009
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [374659:29767933]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 539 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3636 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT




_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
