LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

ipchains -> iptables

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: ipchains -> iptables
From: Stuart Fox <stuart@xxxxxxxxxxx>
Date: Thu, 26 Apr 2001 14:57:03 +0100
Hi 

Im using the latest piranha package from the experimental area.

Running RH 7.1 upgraded kernel 2.4.3 source patched ipvs-0.2.11

I have 2 load balancers and 8 real servers

There are 5 virtual servers all servered from the 8 real servers

The primary load balancer has one static ip 212.161.72.2(eth0) and
5 floating ips 212.161.72.70/75/76/77/75

The other static ip is 192.168.0.2(eth1) and 192.168.0.5 is the 
floating default route for the 8 reals.

The load balancers seem to work fine detecting a fail and switching
roles.

The problem is getting a response back through the load balancers.
The real servers can get through fine when access the wed, but the
getting
a response back when rewuesting one of the virtual servers wont work!

Im pretty sure its an IPTables problem. Ive tried several solution but 
none seem to work.

Here is my current attempt


/usr/local/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.70 -d
0.0.0.0/0 -j SNAT --to-source 212.161.72.2
/usr/local/sbin/iptables -t nat -I POSTROUTING -s 192.168.0.90 -d
0.0.0.0/0 -j SNAT --to-source 212.161.72.2
/usr/local/sbin/iptables -t nat -I POSTROUTING -s 192.168.0.100 -d
0.0.0.0/0 -j SNAT --to-source 212.161.72.70
                                                        and 101/102 etc
/usr/local/sbin/iptables -t nat -I POSTROUTING -s 192.168.0.110 -d
0.0.0.0/0 -j SNAT --to-source 212.161.72.75
                                                        and 111/112 etc
/usr/local/sbin/iptables -t nat -I POSTROUTING -s 192.168.0.120 -d
0.0.0.0/0 -j SNAT --to-source 212.161.72.76
                                                        and 121/122 etc
/usr/local/sbin/iptables -t nat -I POSTROUTING -s 192.168.0.130 -d
0.0.0.0/0 -j SNAT --to-source 212.161.72.77
                                                        and 131/132 etc
/usr/local/sbin/iptables -t nat -I POSTROUTING -s 192.168.0.140 -d
0.0.0.0/0 -j SNAT --to-source 212.161.72.78
                                                        and 141/142 etc

ive also tried

/usr/local/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d
0.0.0.0/0 -j SNAT --to-source 212.161.72.2

and

/usr/local/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d
0.0.0.0/0 -j MASQUERADE

ive read something about fwmark but i dont have a clue what it is

The output of ipvsadm -Lcn is :-
IPVS connection entries
pro expire   state       source            virtual           destination
TCP 00:56.03 SYN_RECV    212.161.72.12:1437 212.161.72.70:80 
192.168.0.101:80

Any advice?

Stuart Fox

PS can I up the expirt time to 30 mins?

Attachment: stuart.vcf
Description: Card for Stuart Fox

<Prev in Thread] Current Thread [Next in Thread>