|
Hi,
Sorry for the delay. Have you fixed your problem now?
At 1:45, 99-2-11, Gian Filippo Pinzari wrote:
>Hello everybody,
>
>it is not a long time I joined the list. I'm very interested in this
>trend.
>This effort looks to be very well integrated in Linux kernel and,
>therefore, does appear to be very promising.
>
>OK, this is the problem. I'm presently playing with two machines
>staying on the same netmask. They both are RH52 and some parts
>of their disks are mirrored each other using a software named
>mirrordir (http://www.obsidian.co.za/mirrordir/). The first machine
>has IP 192.168.2.50, the second 192.168.2.51. They already implement
>some HA and automatic failover functions and I wanted to add
>Virtual Server support using IP tunneling and the local node feature.
>Until now, without success.
>
>I spent a long time trying to understand why the whole thing didn't
>work.
>I followed the documentation outlined in README.tunnel and tried
>also to play with IP aliases in order to let one of the two to become
>default gateway for the other. I tried with Telnet and FTP services
>(using ip_masq_ftp.o). The director machine (i.e. the one where I issued
>
>the ippfvsadm commands) responded to requests as expected, but
>the other one... The only result was the disk light turning ON at the
>time a request was entered, so I thought packets could arrive but
>could not get back. I made a lot of attempts setting different tunnels
>and SUDDENLY everything worked well . I saved in a text file the
>whole ifconfig and route configuration, rebooted, set up again the same
>way but, for reasons I don't understand, it didn't work anymore.
>
>The day after I looked at DejaNews and found a lot of people reporting
>weird problems on tunneling, so I gave up (and added a line to my
>TODOs).
>
>Next step was to recompile the kernel (2.0.36+vs0.6) for port
>forwarding and local node support. I expected to be successfull at
>the first try, but, also in this case... Some packets were going at
>the other end but they couldn't find the way back.
>
>I tried either letting Machine A and Machine B on the same subnet,
>either changing IP of Machine B to 111.111.111.50 , adding eth0:1 to
>Machine A as 111.111.111.51, setting default route of B to A and
>pointing ippfvsadm to services on the 111.x.x.x net (that is, if I
>remember: ippfvs -A -t 192.168.2.50:23 -R 111.111.111.50:23 -w 1
>and ippfvs -A -t 192.168.2.50:23 -R 111.111.111.51:23 -w 1).
>Of course, ipfw was always set up as stated in VS documentation.
>As usual, each IP could be ping-ed, but only the local node could
>respond to requests. Probably I'm wrong setting the routes.
Have you enabled the host A to accept the packet to be masqueraded
from the host B? for example, the command is
ipfwadm -F -a m -S 111.111.111.0/24 -D 0.0.0.0/0
To diagnosis, telnet to some hosts outside 111.111.111.0/24 from
the host B, see whether it can be masqueraded through the host A.
If it is OK, then check whether the ippfvs works through the
tcpdump utility or checking "/proc/net/ip_masquerade" on the host
A.
>
>May you suggest me simple configurations for port-forwarding VS
>and tunnelling VS that MUST work? I believe the problem is due to
>the fact that both machines are on the same netmask. Is there any
>limitation in using IP aliasing that I should know about?
To use ippfvs with tunneling, your two hosts are used as example,
Host A (192.168.2.50)
rebuild kernel with ippfvs via tunneling
ippfvsadm -A -t 192.168.2.50:23 -R 127.0.0.1
ippfvsadm -A -t 192.168.2.50:23 -R 192.168.2.51
Host B (192.168.2.51)
rebuilt kernel with tunneling
ifconfig tunl0 192.168.2.50
>
>Ciao, Gian Filippo.
>
|
