Re: ip_vs & NAT

To: "John P . Looney" <john@xxxxxxxxxxxxx>
Subject: Re: ip_vs & NAT
Cc: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Julian Anastasov <ja@xxxxxx>
Date: Sun, 25 Feb 2001 01:03:52 +0000 (GMT)

        Hello,

On Sat, 24 Feb 2001, John P . Looney wrote:

>  I have a few machines running apache & mysql behind a router running ipvs.
>
>  The router masquerades the connections, like so;
>
> TCP  172.24.51.1:www lc
>   -> evilwillow.sunnydale.antefacto.com:www Masq    1      0          0
>   -> goodwillow.sunnydale.antefacto.com:www Masq    1      0          0
> TCP  172.24.51.6:mysql lc
>   -> evilwillow.sunnydale.antefacto.com:mysql Masq    1      0          0
>   -> goodwillow.sunnydale.antefacto.com:mysql Masq    1      0          0
>
>  It works fine. External apps can get to these machines. However,
> the router and the two machines above can't get to 172.24.51.6:mysql - the
> connection hangs. Likewise for apache. The machines are all on a switch -
> not a hub, if that matters.

        The clients can't run in the director. If they run in NAT-ed
real servers then they can't work. Only with the DR and TUN methods can
you run clients in the real servers, but they connect to the local host
and not to the director.

>  I telnetted to 172.24.51.1:www from "evilwillow", and did a tcp dump on
> the ipvs machine, and saw;
>
> User level filter, protocol ALL, datagram packet socket
> tcpdump: listening on all devices
> 16:25:20.567319 eth0 < goodwillow.sunnydale.antefacto.com.1926 > 
> evilwillow.sunnydale.antefacto.com.www: S [ECN-Echo,CWR] 
> 3633840634:3633840634(0) win 5840 <mss 1460,sackOK,timestamp 17852294 
> 0,nop,wscale 0> (DF)
> 16:25:20.567775 eth0 > evilwillow.sunnydale.antefacto.com.www > 
> goodwillow.sunnydale.antefacto.com.1926: S [ECN-Echo] 
> 3634986324:3634986324(0) ack 3633840635 win 5792 <mss 1460,sackOK,timestamp 
> 17521934 17852294,nop,wscale 0> (DF)
> 16:25:20.567890 eth0 < goodwillow.sunnydale.antefacto.com.1926 > 
> evilwillow.sunnydale.antefacto.com.www: R 3633840635:3633840635(0) win 0 (DF)
> 16:25:23.564060 eth0 < goodwillow.sunnydale.antefacto.com.1926 > 
> evilwillow.sunnydale.antefacto.com.www: S [ECN-Echo,CWR] 
> 3633840634:3633840634(0) win 5840 <mss 1460,sackOK,timestamp 17852594 
> 0,nop,wscale 0> (DF)
> 16:25:23.564139 eth0 > evilwillow.sunnydale.antefacto.com.www > 
> goodwillow.sunnydale.antefacto.com.1926: S [ECN-Echo] 
> 3637982691:3637982691(0) ack 3633840635 win 5792 <mss 1460,sackOK,timestamp 
> 17522234 17852594,nop,wscale 0> (DF)
> 16:25:23.564229 eth0 < goodwillow.sunnydale.antefacto.com.1926 > 
> evilwillow.sunnydale.antefacto.com.www: R 3633840635:3633840635(0) win 0 (DF)

        Hm, I don't understand this output. What is the LVS version?

>  That looks like the machines are talking. But, I keep getting "connection
> refused". Is there something special you need to do when both machines
> from outside a cluster and inside a cluster have to access HA services ?

        To run direct routing instead of NAT.

Regards

--
Julian Anastasov <ja@xxxxxx>
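
Added example, not part of the original message or of the LVS code: the capture quoted in the message repeats a SYN, SYN-ACK, RST sequence, and this Python script flags that sequence in tcpdump text of the same line format. The sample lines and hostnames are constructed, and packet lines are assumed to have been rejoined after mail wrapping.

```python
import re

# Constructed sample in the capture format quoted in the message (wrapped
# lines rejoined; hostnames are placeholders, not taken from the thread).
SAMPLE = """\
16:25:20.567319 eth0 < client.example.1926 > rs1.example.www: S 100:100(0) win 5840 (DF)
16:25:20.567775 eth0 > rs1.example.www > client.example.1926: S 900:900(0) ack 101 win 5792 (DF)
16:25:20.567890 eth0 < client.example.1926 > rs1.example.www: R 101:101(0) win 0 (DF)
16:25:21.000100 eth0 < other.example.2000 > rs1.example.www: S 500:500(0) win 5840 (DF)
16:25:21.000300 eth0 > rs1.example.www > other.example.2000: S 700:700(0) ack 501 win 5792 (DF)
16:25:21.000400 eth0 < other.example.2000 > rs1.example.www: . ack 701 win 5840 (DF)
"""

# timestamp, device, direction marker, "src > dst:", TCP flags, remainder
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<dev>\S+) (?P<dir>[<>]) "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPR.]+) (?P<rest>.*)$"
)

def parse(text):
    """Yield (src, dst, flags, has_ack) for each recognised packet line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m["src"], m["dst"], m["flags"], " ack " in " " + m["rest"]

def reset_handshakes(text):
    """Return (initiator, responder) pairs whose SYN-ACK was answered by RST."""
    state = {}      # (initiator, responder) -> "syn" | "synack"
    flagged = []
    for src, dst, flags, has_ack in parse(text):
        if "S" in flags and not has_ack:
            state[(src, dst)] = "syn"               # new connection attempt
        elif "S" in flags and has_ack and state.get((dst, src)) == "syn":
            state[(dst, src)] = "synack"            # responder answered
        elif "R" in flags and state.get((src, dst)) == "synack":
            flagged.append((src, dst))              # initiator reset the reply
            del state[(src, dst)]
        elif state.get((src, dst)) == "synack":
            del state[(src, dst)]                   # handshake completed normally
    return flagged

if __name__ == "__main__":
    for initiator, responder in reset_handshakes(SAMPLE):
        print(f"{initiator} reset the SYN-ACK from {responder}")
```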


