Jeremy Kusnetz wrote:
> I've tried masquerading with iptables:
> /usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.75.0.0/16 -d 0.0.0.0/0
> -o eth0 -j MASQUERADE
not needed for 2.4. lvs sets up nat in both directions for you.
> With this setup I can ping the world on my realservers.
> I've even tried setting things up with configure_lvs_0.9.2, my config file
> looks like this:
>
> LVSCONF_FORMAT=1.1
> LVS_TYPE=VS_NAT
> INITIAL_STATE=on
> CLEAR_IPVS_TABLES=yes
> VIP=eth0:110 216.163.XXX.4 255.255.255.255 216.163.XXX.4
> DIP=eth1 10.75.0.1 10.75.0.0 255.255.0.0 10.75.255.255
> DIRECTOR_GW=216.163.XXX.1
> SERVICE=t smtp rr 10.75.0.11:smtp
> SERVER_NET_DEVICE=eth1
This script traps all the silliness I managed to generate. Can you
run rc.lvs_nat on both the director and the realservers from
the command line (where they'll produce lots of output).
eg director:# ./rc.lvs_nat > director.out 2>&1
and look for any errors. Presumably you didn't see any.
Can you send the output from both machines to me off-line
(to mack.joseph@xxxxxxx if <4pm US east coast time, otherwise
to jmack@xxxxxxxx)
> Hmmm, after running configure, I can't reach the outside from the director,
this is a problem
> - the requests are received on wrong interface with rp_filter
> protection
do you have any filter rules turned on?
smtp is not a simple service to debug. Try telnet till you get it running.
Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA