Hello,
On Fri, 22 Sep 2000, Jeremy Hansen wrote:
> Ok. Here's a layout of basically how it's set up
>
>
>                               internet
>                                  |
>                    64.204.99.1 (network providers router)
>                                  |
>                               switch
>                                  |
> real server 1            lvs machine              real server 2
> RIP (10.100.50.247)      RIP (64.204.99.249)      RIP (10.100.50.246)
> lo:0 (64.204.99.240)     VIP (64.204.99.240)      lo:0 (64.204.99.240)
> default gw 64.204.99.1                            default gw 64.204.99.1
> static arp entry                                  static arp entry
> for the router,                                   for the router,
> 64.204.99.1                                       64.204.99.1
>
> real server 3 (which is not to be load balanced)
> RIP (10.100.50.245)
>
> The problem is real server 1,2,3 cannot get to the internet which is a
> requirement. Basically because these machines don't really have a real ip
> address at all, so for them to get out, they need to be NAT'ed at some
> point.
>
> What I thought would be possible is to set up a route or some type of rule
> that says if traffic originates from 10.100.50.0/24, instead of using the
> default gw, 64.204.99.1, go through 64.204.99.249 and be masqueraded, but
> at the same time if traffic originates from elsewhere and gets passed
> from the LVS machine's VIP, then use the default gw and use DR instead.
>
> So I could masq and use DR for important traffic all at the same time.
>
> I hope this clears things up. My original email was pretty misleading.

No, it was clear.

Additional settings for your setup:

Settings for the real server(s):

    ip rule add prio 100 from 10.100.50.0/24 table 100
    ip route add table 100 0/0 via 10.100.50.249 dev eth0

For the director:

You have to teach your LVS box 64.204.99.249 to
listen on 10.100.50.249 and to stop the ICMP redirects:

    ifconfig eth0:1 10.100.50.249 netmask 255.255.255.0
    echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
    echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
    ipchains -A forward -s 10.100.50.0/24 -j MASQ

Hope this helps.

> Thanks
> -jeremy
Regards
--
Julian Anastasov <ja@xxxxxx>
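
Added example, not part of the original mail: a small Python model of the source-based routing decision that the settings above create on a real server, showing that packets sourced from a 10.100.50.0/24 RIP go to the director and match its MASQ rule, while DR replies sourced from the VIP still use the default gateway. The function names, the client address 198.51.100.10 and the explicit priority 32766 for the main table (the Linux default) are assumptions, not values from the thread.

```python
import ipaddress

# Policy rules on a real server: (priority, "from" prefix, table).
RULES = [
    (100, "10.100.50.0/24", "100"),  # ip rule add prio 100 from 10.100.50.0/24 table 100
    (32766, "0.0.0.0/0", "main"),    # Linux default rule: everything else uses main
]

# Routes per table: (destination prefix, gateway).
TABLES = {
    "100": [("0.0.0.0/0", "10.100.50.249")],  # ip route add table 100 0/0 via 10.100.50.249
    "main": [("0.0.0.0/0", "64.204.99.1")],   # default gw from the layout
}

# Director: ipchains -A forward -s 10.100.50.0/24 -j MASQ
MASQ_SOURCES = ipaddress.ip_network("10.100.50.0/24")


def lookup(table, dst):
    """Longest-prefix match inside one table; None when no route matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None


def real_server_next_hop(src, dst):
    """Walk the rules in priority order; the first table with a route wins."""
    src = ipaddress.ip_address(src)
    for _prio, from_prefix, table in sorted(RULES):
        if src in ipaddress.ip_network(from_prefix):
            gateway = lookup(table, dst)
            if gateway is not None:
                return table, gateway
    return None, None


def director_masquerades(src):
    """True when the director's forward rule would masquerade this source."""
    return ipaddress.ip_address(src) in MASQ_SOURCES


if __name__ == "__main__":
    client = "198.51.100.10"  # constructed Internet address
    for src in ("10.100.50.247", "64.204.99.240"):
        print(src, real_server_next_hop(src, client), director_masquerades(src))
```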