|
On Fri, 3 Jul 2009, Olaf Krische wrote:
>
> (Seriously, i read the howto. Sorry if it seems i dont.)
OK. (Can you send only one posting instead of 3 each time
please?)
Sorry it's taken so long to see your problem.
o you have two routers, one for the private network, one for
the internet
o to talk to the internet router you need a public IP. Since
you don't have a public IP on the realserver, you can't talk
to the internet router.
I'm sure we must have had someone else with this problem
before, but not often and anyhow I've forgotten all about
it.
> I have the realserver (192.168.2.xx) in the private
> network. My default gateway for this network does NAT
> only.
OK
> I can use the second interface (eth1) on the realserver,
> setting on it an "internet" IP and changing the default
> route to the "internet" router. Then i have a default
> route to the client, which works perfectly.
>
> $ ip route add default via $router dev eth1
OK
can you run a cable from the inside of the private network
router to the inside of the internet router? (presumably
not). Presumably then you could do this
# route add net 192.168.2.0/32 dev eth0
# route add default gw $internet_router
> But i dont want to do this, since i waste this exact IP plus the realserver
> is reachable from the internet.
yes exactly.
> So i bring up eth1 without IP:
>
> $ ifconfig eth1 0 up
>
> And putting the VIP on lo:0:
>
> $ ifconfig lo:0 $VIP netmask 255.255.255.255 up
>
> And say, that all traffic shall go over eth1 in general:
>
> $ ip route add default dev eth1
>
> This is not enough,
what goes wrong?
do you understand that for LVS-DR the packets go in one
direction and that packets don't have to come back from the
router?
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-DR.html#Pearthree
You don't have to be able to ping the internet router (the
internet router does have to receive the ping packets).
> since it doesnt know yet,
> that the traffic on eth1 shall go to $router.
>
> So i try this by "ip route", which does not work:
>
> $ ip route add default via $router dev eth1
>
> But with the route command it works:
>
> $ route add default gw $router dev eth1
>
> Now i have all what i want! And it works.
great
> I can even ping.
nope, you should not be able to ping the internet router.
> But i am not sure, if that is alright.
If the LVS works, then it's good enough (but see the comment
about the arp problem below). It doesn't have to be perfect.
> Not that the router thinks now, that the VIP belongs to
> the realserver and does not use the LoadBalancer anymore.
> Mh.
then you haven't solved the arp problem.
> And what is weird now as well, when i watch the routing
> table, that there it is written, what the "ip route"
> actually denied me to do:
>
> $ ip route
> ...
> default via $router dev eth1
> default dev eth1 scope link
>
> But I can remove the rule:
>
> $ ip route del default via $router dev eth1
>
> But i can not add it again with "ip route add", just with
> "route add" as before.
>
> # not working: ip route add default via $router dev eth1
> # working: route add default gw $router dev eth1
>
> Weird, weird, weird.
mixing (ifconfig,route) with (ip...) winds up with strange
things happening. In general (ip...) sees everything that
(ifconfig, route) sees, but (ifconfig, route) doesn't know
about most things that (ip....) does. The routing table sees
it the way ip sees it.
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
