[lvs-users] LVS-NAT and real servers accessing the public networks

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: [lvs-users] LVS-NAT and real servers accessing the public networks
From: devnull <devnull@xxxxxxxxxxxxxxxxx>
Date: Thu, 17 Dec 2009 15:51:24 -0700

I have a working LVS-NAT setup, in that clients are able to access services
on the VIPs. But my real servers (rs) are unable to ping/mail/http/access
anything outside the NAT.

I've been getting mixed information from reading around. I've read on:
http://www.centos.org/docs/2/rhl-ig-as-x86-en-2.1/s1-nat-router-ifcfg.html

"Note:
Once the network interfaces are up on the real servers, the machines will be
unable to ping or connect in other ways to the public network. This is
normal. You will, however, be able to ping the real IP for the LVS router's
private interface, in this case 10.11.12.8"

Yet I've read on:
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html
5.9. Julian's step-by-step check of a L4 LVS-NAT setup:
-----
Q.1 Can the realserver ping client?

rs# ping -n client
A.1 Yes => good
A.2 No => bad

Some settings for the director:
Linux 2.4:
iptables -t nat -A POSTROUTING -s RIP -j MASQUERADE
----

Adding that POSTROUTING rule in iptables allows the RS to now ping the
public internet (install updates, send mail, etc.). But then the VIP becomes
inaccessible and the LVS no longer works. Am I not on the right track here?
Here is a link to a diagram of my network layout.
http://pastebin.com/m2613fd79

Thanks,

Kyle