Re: [lvs-users] Another newbie question

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Another newbie question
Cc: Romain Meillon <r.meillon@xxxxxxxxxxxx>
From: David Coulson <david@xxxxxxxxxxxxxxxx>
Date: Wed, 13 Apr 2011 13:47:02 -0400

On 4/13/11 1:29 PM, Romain Meillon wrote:
> All tables are in ACCEPT policy on both IPVS and real server until
> I've done a correct configuration.
>
> So, as you advised, I've done this on the real server (and tried many
> different things):
>
> iptables -t nat -A PREROUTING -p tcp -d <PUB_IP> -j REDIRECT
You don't need that.
> ifconfig lo:0 <PUB_IP> netmask 255.255.255.255 broadcast <PUB_IP> up
>
> echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
> echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
> echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
> echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
>
> This on IPVS
>
> /sbin/ipvsadm -A -t <PUB_IP>:80 -s rr
> /sbin/ipvsadm -a -t <PUB_IP>:80 -r 10.254.0.100:80 -g -w 1
>
> /sbin/ipvsadm -A -t <PUB_IP>:25 -s rr
> /sbin/ipvsadm -a -t <PUB_IP>:25 -r 10.254.0.100:25 -g -w 1
>
> And to have internet connectivity on the real server through the IPVS
> (perhaps I shouldn't?):
> iptables -t nat -A POSTROUTING -s 10.254.0.100/24 -j MASQUERADE
Is the IPVS system your network default gateway? If not, you don't need
that.
> The connection cannot be established from the client, no packets are
> back from the IPVS...
>
> Here is the tcpdump on the IPVS, it seems that packets go back to the
> client!:
>
> 19:14:37.720321 IP <CLIENT_IP>.62096 > <PUB_IP>.25: Flags [S], seq
> 1997275050, win 8192, options [mss 1460,nop,nop,sackOK], length 0
> 19:14:37.720684 IP <PUB_IP>.25 > <CLIENT_IP>62096: Flags [S.], seq
> 677256198, ack 1997275051, win 5840, options [mss
> 1460,nop,nop,sackOK], length 0
Why is the syn ack seen at all on the IPVS host? It should go direct 
from the real server to your network default gateway, then to client. 
Client IP in this case is on a different network to both public IP and 
real server IP?

Have you tested from a client system on the local network?
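
The check behind the question about the SYN-ACK, written as an added example that is not part of the original message: it scans `tcpdump -nn` text output captured on the director and lists TCP packets whose source is the VIP, which under direct routing (`-g`) should not show up there. The function name, the sample lines and the documentation-range addresses (192.0.2.10 as VIP, 198.51.100.7 as client) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Feed it tcpdump text captured on the
# LVS-DR director:  tcpdump -nn -r capture.pcap tcp | vip_replies_seen <VIP>

# Prints "<src> -> <dst> <flags>" for every TCP packet sourced from the VIP.
# Returns 0 if at least one was found (return path crosses the director),
# 1 if none were found (replies bypass the director, as DR intends).
vip_replies_seen() {
    vip=$1
    awk -v vip="$vip" '
        # Line shape: <time> IP <src>.<sport> > <dst>.<dport>: Flags [..], ...
        # Only TCP lines are handled, so the trailing ".<port>" is always there.
        $2 == "IP" && $4 == ">" && $6 == "Flags" {
            src = $3; dst = $5; flags = $7
            sub(/\.[0-9]+$/, "", src)     # drop source port
            sub(/:$/, "", dst)            # drop trailing colon
            sub(/\.[0-9]+$/, "", dst)     # drop destination port
            sub(/,$/, "", flags)          # "[S.]," -> "[S.]"
            if (src == vip) {
                printf "%s -> %s %s\n", src, dst, flags
                found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample in the same shape as the capture quoted in the thread.
sample_capture() {
    cat <<'EOF'
19:14:37.720321 IP 198.51.100.7.62096 > 192.0.2.10.25: Flags [S], seq 1997275050, win 8192, options [mss 1460,nop,nop,sackOK], length 0
19:14:37.720684 IP 192.0.2.10.25 > 198.51.100.7.62096: Flags [S.], seq 677256198, ack 1997275051, win 5840, options [mss 1460,nop,nop,sackOK], length 0
EOF
}

if sample_capture | vip_replies_seen 192.0.2.10; then
    echo "VIP-sourced packets seen on the director: check the real server's default gateway"
else
    echo "no VIP-sourced packets seen on the director"
fi
```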
