
Re: doing both NAT and DR, I need help.

To: Joseph Mack <mack@xxxxxxxxxxx>
Subject: Re: doing both NAT and DR, I need help.
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Jeremy Hansen <jeremy@xxxxxxxxxxxx>
Date: Fri, 22 Sep 2000 20:13:43 -0400 (EDT)
So I've decided for now I'm just going to use nat, but if anyone comes up
with an idea of basically how to do NAT and DR at the same time while
maintaining internal ip addresses for real servers, please let me know.  I'd
still like to try doing it that way if possible but time constraints are
not allowing me to play around too long.

Thanks
-jeremy

On Fri, 22 Sep 2000, Jeremy Hansen wrote:

> 
> Yes, I am using LVS-DR and actually that part of it is working fine.  DR
> is working, but the problem is that I cannot initiate outgoing connections
> from my real servers.
> 
> LVS server has this:
> 
> IP Virtual Server version 0.9.15 (size=8192)
> Prot LocalAddress:Port Scheduler Flags
>   -> RemoteAddress:Port          Forward Weight ActiveConn InActConn
> FWM  1 wlc
>   -> 10.100.50.246:0             Route   1      0          0         
>   -> 10.100.50.247:0             Route   1      0          0         
> 
> -A input -s 0.0.0.0/0.0.0.0 -d 64.204.99.240/255.255.255.255 80:80 -p 6 -m 1
> -A input -s 0.0.0.0/0.0.0.0 -d 64.204.99.240/255.255.255.255 443:443 -p 6 -m 1
> -A forward -s 10.100.50.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
> 
> The fwmark rules are there cause I'm using fwmark.
> 
> This is the ethernet config for the lvs machine:
> 
> eth0      Link encap:Ethernet  HWaddr 00:D0:B7:73:37:9F  
>           inet addr:64.204.99.249  Bcast:64.204.99.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:331638 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:462125 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100 
>           Interrupt:10 Base address:0xdf00 
> 
> eth0:0    Link encap:Ethernet  HWaddr 00:D0:B7:73:37:9F  
>           inet addr:64.204.99.240  Bcast:64.204.99.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           Interrupt:10 Base address:0xdf00 
> 
> lo        Link encap:Local Loopback  
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:3924  Metric:1
>           RX packets:657 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:657 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0 
> 
> and the routing table for the lvs machine:
> 
> 64.204.99.249   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
> 127.0.0.1       0.0.0.0         255.255.255.255 UH    0      0        0 lo
> 64.204.99.240   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
> 64.204.99.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 10.100.50.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
> 0.0.0.0         64.204.99.1     0.0.0.0         UG    0      0        0 eth0
> 
> 
> 
> REAL Server:
> 
> eth0      Link encap:Ethernet  HWaddr 00:D0:B7:AF:D9:BB  
>           inet addr:10.100.50.247  Bcast:10.100.50.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:299446 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:168569 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100 
>           Interrupt:10 Base address:0xdf00 
> 
> lo        Link encap:Local Loopback  
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:3924  Metric:1
>           RX packets:1932 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1932 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0 
> 
> lo:0      Link encap:Local Loopback  
>           inet addr:64.204.99.240  Mask:255.255.255.255
>           UP LOOPBACK RUNNING  MTU:3924  Metric:1
> 
> 
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 127.0.0.1       0.0.0.0         255.255.255.255 UH    0      0        0 lo
> 64.204.99.240   0.0.0.0         255.255.255.255 UH    0      0        0 lo
> 64.204.99.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 10.100.50.0     64.204.99.249   255.255.255.0   UG    0      0        0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
> 0.0.0.0         64.204.99.1     0.0.0.0         UG    0      0        0 eth0
> 
> 
> So, I hope this clears things up as I fear I'm failing to communicate what
> my actual problem is.
> 
> I cannot make connections to the internet from my real server.  I would
> like to be able to do this and still maintain the internal network
> address.  I figured there would be some way to do this by saying that if I
> initiate from inside the real server to the outside, to then masq through
> the lvs machine, otherwise for incoming traffic, use direct routing.
> 
> -jeremy
> 
> On Fri, 22 Sep 2000, Joseph Mack wrote:
> 
> > On Fri, 22 Sep 2000, Jeremy Hansen wrote:
> > 
> > > 
> > > Ok.  Here's a layout of basically how it's set up
> > > 
> > > 
> > >                 internet
> > >                     |
> > >                 64.204.99.1 (network providers router)
> > >                     |
> > >                   switch
> > >                     |
> > > real server 1                  lvs machine                real server 2
> > > RIP (10.100.50.247)            RIP (64.204.99.249)        RIP (10.100.50.246)
> > > lo:0 (64.204.99.240)           VIP (64.204.99.240)        lo:0 (64.204.99.240)
> > > default gw 64.204.99.1                                    default gw 64.204.99.1
> > > static arp entry                                          static arp entry
> > > for the router,                                           for the router,
> > > 64.204.99.1                                               64.204.99.1
> > > 
> > > real server 3 (which is not to be load balanced)
> > > RIP (10.100.50.245)
> > > 
> > > The problem is real server 1,2,3 cannot get to the internet which is a
> > > requirement.  Basically because these machines don't really have a real ip
> > > address at all, so for them to get out, they need to be NAT'd at some
> > > point.
> > 
> > With the VIP on lo:0 I assume you are now running VS-DR. If so, the
> > director doesn't have an IP on the 10.x.x.x network and can't talk 
> > to the real-servers. (Or else you're running VS-Tun and the VIP should
> > be in tunl0 on each real-server). 
> > 
> > real-server1 has a real IP of 64.204.99.240. It's as real an IP as you can
> > get. The router with an IP in the 64.204.99.x network will happily accept
> > packets from it. The only thing different about the VIP as far as being an
> > IP is that it won't reply to arp requests. (There is the extra wrinkle
> > that several machines in the LVS carry the VIP.)
> > 
> > You can get a VS-DR or VS-Tun LVS to work with an internal
> > network of 10.x.x.x and an external network of 64.204.99.x.
> > 
> > I assume the problem is that your LVS isn't working. Can you set up for
> > telnet as your service and see what happens. If it doesn't work, try my
> > script. If that doesn't work, send me any messages from the startup script
> > and the output of ipvsadm, ifconfig -a and netstat -rn for all the machines.
> > 
> > Joe
> > --
> > Joseph Mack mack@xxxxxxxxxxx
> > 
> > 
> 
> eholes.org * jeremy@xxxxxxxxxx
> -----------------------------------------
> eholes have feelings too...
> 
> 
> 

eholes.org * jeremy@xxxxxxxxxx
-----------------------------------------
eholes have feelings too...
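
Added example, not part of the original message: a longest-prefix-match lookup over the real server's posted routing table, to check whether an outbound packet would ever cross the LVS machine where the `-j MASQ` rule lives. The destination 198.51.100.10 is a constructed documentation address, and the source 10.100.50.247 assumes the kernel picks eth0's address for outgoing connections.

```python
import ipaddress

# Real server routing table exactly as posted (netstat -rn columns).
REAL_SERVER_ROUTES = """\
127.0.0.1       0.0.0.0         255.255.255.255 UH    0      0        0 lo
64.204.99.240   0.0.0.0         255.255.255.255 UH    0      0        0 lo
64.204.99.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.100.50.0     64.204.99.249   255.255.255.0   UG    0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         64.204.99.1     0.0.0.0         UG    0      0        0 eth0
"""
DIRECTOR_IP = "64.204.99.249"        # eth0 of the LVS machine in the post
MASQ_SOURCE_NET = "10.100.50.0/24"   # source net of the posted "-j MASQ" rule


def parse_routes(text):
    """Turn netstat -rn lines into (network, gateway, iface) tuples."""
    routes = []
    for line in text.strip().splitlines():
        f = line.split()
        dest, gw, mask, iface = f[0], f[1], f[2], f[-1]
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gw, iface))
    return routes


def lookup(routes, dst):
    """Longest-prefix match; returns (gateway or None if on-link, iface)."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    _, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return (None if gw == "0.0.0.0" else gw), iface


def masq_applies(routes, src, dst):
    """The forward-chain MASQ rule only sees packets the director forwards."""
    gw, _ = lookup(routes, dst)
    src_ok = ipaddress.ip_address(src) in ipaddress.ip_network(MASQ_SOURCE_NET)
    return src_ok and gw == DIRECTOR_IP


if __name__ == "__main__":
    routes = parse_routes(REAL_SERVER_ROUTES)
    # 198.51.100.10 is a constructed Internet destination (documentation range);
    # source 10.100.50.247 assumes the kernel picks eth0's address.
    print(lookup(routes, "198.51.100.10"))
    print(masq_applies(routes, "10.100.50.247", "198.51.100.10"))
```

On the posted table the Internet-bound packet is handed straight to 64.204.99.1, so it leaves with its 10.100.50.x source and never reaches the MASQ rule on the LVS machine.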


