
Re: doing both NAT and DR, I need help.

To: Joseph Mack <mack@xxxxxxxxxxx>
Subject: Re: doing both NAT and DR, I need help.
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Jeremy Hansen <jeremy@xxxxxxxxxxxx>
Date: Fri, 22 Sep 2000 15:29:44 -0400 (EDT)
Yes, I am using LVS-DR and actually that part of it is working fine.  DR
is working, but the problem is that I cannot initiate outgoing connections
from my real servers.

LVS server has this:

IP Virtual Server version 0.9.15 (size=8192)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port          Forward Weight ActiveConn InActConn
FWM  1 wlc
  -> 10.100.50.246:0             Route   1      0          0         
  -> 10.100.50.247:0             Route   1      0          0         

-A input -s 0.0.0.0/0.0.0.0 -d 64.204.99.240/255.255.255.255 80:80 -p 6 -m 1
-A input -s 0.0.0.0/0.0.0.0 -d 64.204.99.240/255.255.255.255 443:443 -p 6 -m 1
-A forward -s 10.100.50.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ

The fwmark rules are there cause I'm using fwmark.

This is the ethernet config for the lvs machine:

eth0      Link encap:Ethernet  HWaddr 00:D0:B7:73:37:9F  
          inet addr:64.204.99.249  Bcast:64.204.99.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:331638 errors:0 dropped:0 overruns:0 frame:0
          TX packets:462125 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          Interrupt:10 Base address:0xdf00 

eth0:0    Link encap:Ethernet  HWaddr 00:D0:B7:73:37:9F  
          inet addr:64.204.99.240  Bcast:64.204.99.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:10 Base address:0xdf00 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:657 errors:0 dropped:0 overruns:0 frame:0
          TX packets:657 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 

and the routing table for the lvs machine:

64.204.99.249   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
127.0.0.1       0.0.0.0         255.255.255.255 UH    0      0        0 lo
64.204.99.240   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
64.204.99.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.100.50.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         64.204.99.1     0.0.0.0         UG    0      0        0 eth0



REAL Server:

eth0      Link encap:Ethernet  HWaddr 00:D0:B7:AF:D9:BB  
          inet addr:10.100.50.247  Bcast:10.100.50.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:299446 errors:0 dropped:0 overruns:0 frame:0
          TX packets:168569 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          Interrupt:10 Base address:0xdf00 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:1932 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1932 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 

lo:0      Link encap:Local Loopback  
          inet addr:64.204.99.240  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:3924  Metric:1


Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
127.0.0.1       0.0.0.0         255.255.255.255 UH    0      0        0 lo
64.204.99.240   0.0.0.0         255.255.255.255 UH    0      0        0 lo
64.204.99.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.100.50.0     64.204.99.249   255.255.255.0   UG    0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         64.204.99.1     0.0.0.0         UG    0      0        0 eth0


So, I hope this clears things up as I fear I'm failing to communicate what
my actual problem is.

I cannot make connections to the internet from my real server.  I would
like to be able to do this and still maintain the internal network
address.  I figured there would be some way to do this by saying that if I
initiate from inside the real server to the outside, to then masq through
the lvs machine, otherwise for incoming traffic, use direct routing.

-jeremy

On Fri, 22 Sep 2000, Joseph Mack wrote:

> On Fri, 22 Sep 2000, Jeremy Hansen wrote:
> 
> > 
> > Ok.  Here's a layout of basically how it's set up
> > 
> > 
> >                               internet
> >                                   |
> >                 64.204.99.1 (network providers router)
> >                                   |
> >                                switch
> >                                   |
> > real server 1            lvs machine            real server 2
> > RIP (10.100.50.247)      RIP (64.204.99.249)    RIP (10.100.50.246)
> > lo:0 (64.204.99.240)     VIP (64.204.99.240)    lo:0 (64.204.99.240)
> > default gw 64.204.99.1                          default gw 64.204.99.1
> > static arp entry                                static arp entry
> > for the router,                                 for the router,
> > 64.204.99.1                                     64.204.99.1
> > 
> > real server 3 (which is not to be load balanced)
> > RIP (10.100.50.245)
> > 
> > The problem is real server 1,2,3 cannot get to the internet which is a
> > requirement.  Basically because these machines don't really have a real ip
> > address at all, so for them to get out, they need to be NAT'd at some
> > point.
> 
> With the VIP on lo:0 I assume you are now running VS-DR. If so, the
> director doesn't have an IP on the 10.x.x.x network and can't talk 
> to the real-servers. (Or else you're running VS-Tun and the VIP should
> be in tunl0 on each real-server). 
> 
> real-server1 has a real IP of 64.204.99.240. It's as real an IP as you can
> get. The router with an IP in the 64.204.99.x network will happily accept
> packets from it. The only thing different about the VIP as far as being an
> IP is that it won't reply to arp requests. (There is the extra wrinkle
> that several machines in the LVS carry the VIP.)
> 
> You can get a VS-DR or VS-Tun LVS to work with an internal
> network of 10.x.x.x and an external network of 64.204.99.x
> 
> I assume the problem is that your LVS isn't working. Can you set up for
> telnet as your service and see what happens. If it doesn't work, try my
> script. If that doesn't work, send me any messages from the startup script
> and the output of ipvsadm, ifconfig -a and netstat -rn for all the machines.
> 
> Joe
> --
> Joseph Mack mack@xxxxxxxxxxx
> 
> 

eholes.org * jeremy@xxxxxxxxxx
-----------------------------------------
eholes have feelings too...
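
As an added illustration (not part of the original message), the following Python code runs a longest-prefix-match lookup over the real server's routing table as posted above, to show which next hop an outbound packet takes and whether it is ever handed to the host carrying the `-j MASQ` rule. The destination 198.51.100.10 and the helper names are constructed for the example.

```python
import ipaddress

# Real server's routing table as posted: destination, gateway, genmask, iface
# (the Flags/Metric/Ref/Use columns are dropped for brevity).
REAL_SERVER_ROUTES = """\
127.0.0.1       0.0.0.0         255.255.255.255 lo
64.204.99.240   0.0.0.0         255.255.255.255 lo
64.204.99.0     0.0.0.0         255.255.255.0   eth0
10.100.50.0     64.204.99.249   255.255.255.0   eth0
127.0.0.0       0.0.0.0         255.0.0.0       lo
0.0.0.0         64.204.99.1     0.0.0.0         eth0
"""

DIRECTOR = ipaddress.ip_address("64.204.99.249")       # host with the MASQ rule
MASQ_SRC = ipaddress.ip_network("10.100.50.0/24")      # -A forward -s ... -j MASQ
ON_LINK = ipaddress.ip_address("0.0.0.0")              # gateway column for direct routes


def parse_routes(text):
    """Turn netstat-style rows into (network, gateway, iface) tuples."""
    routes = []
    for line in text.strip().splitlines():
        dest, gw, mask, iface = line.split()
        prefix = bin(int(ipaddress.ip_address(mask))).count("1")
        routes.append((ipaddress.ip_network(f"{dest}/{prefix}"),
                       ipaddress.ip_address(gw), iface))
    return routes


def next_hop(routes, dst):
    """Longest-prefix match: return (next-hop address, interface) for dst."""
    dst = ipaddress.ip_address(dst)
    net, gw, iface = max((r for r in routes if dst in r[0]),
                         key=lambda r: r[0].prefixlen)
    return (dst if gw == ON_LINK else gw), iface


def reaches_masq_rule(routes, src, dst):
    """True if the packet is handed to the director and its source matches MASQ_SRC."""
    hop, _ = next_hop(routes, dst)
    return hop == DIRECTOR and ipaddress.ip_address(src) in MASQ_SRC


if __name__ == "__main__":
    table = parse_routes(REAL_SERVER_ROUTES)
    # 198.51.100.10 is a constructed internet destination (documentation range).
    print(next_hop(table, "198.51.100.10"))
    print(reaches_masq_rule(table, "10.100.50.247", "198.51.100.10"))
```

With the posted table, the internet-bound packet's next hop is 64.204.99.1, so it never passes through 64.204.99.249, where the forward-chain MASQ rule is installed.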



