On Mon, 9 Oct 2000, Nathan Polonski wrote:
> Has anyone tried to tunnel nfs using SSH and an LVS system?
yow, not that I know of.
a gatcha with NFS/LVS. The file handle the client gets is not going to be
the same for the same file on different filesservers. This doesn't matter
till you want to failout a real-server, then the client will get a stale
file handle. This is an implementation problem with nfs. The file handle
is some random number derived from the geometry of the disk and the
location of the file on the disk. If the file handle was derived from the
file name, then this would not be a problem.
> I would like to tunnel an nfs connection from my realservers to a fileserver
> outside of the lvs system.
> When I try this, the file server sees the connection attempt, but rejects it
> because it is coming in on the wrong port number. Is there a rule that I
> need to setup in IPCHAINS to allow the proper translation of SSH (or NFS?)?
>
> If the file server is "FILESERV", the linux director(router) is
> LINUXDIRECTOR, and the arbitrary port number is "1234" the SSH command
> looks something like this:
> [root@realserver]# ssh -L 1234:FILESERV:2049 FILESERV
>
> The fstab entry on the realserver looks something like this:
> FILESERV:/files/in /mnt/FILESERV nfs
> exec,port=1234,dev,suid,rw,bg,soft 1 1
>
> The client responds by saying "access denied".
>
> The server log reports:
> refused mount request from LINUXDIRECTOR for /files/in (/files/in): illegal
> port 61037
I don't understand what you're trying to do here, so can't help directly,
but here's the rules for setting up a new VS-DR service on LVS.
1. get the service working directly between the client and an arping VIP
on the real-server (no LVS, no director)
2. Determine which port on the real-server listens for the connection
request
3. If only 1 port is involved you can set up a LVS.
4.turn off arp'ing on the VIP on the real-server, run ipvsadm on the
director, with the port number of interest being LVS'ed.
Joe
>
>
>
--
Joseph Mack mack@xxxxxxxxxxx
|