LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

AW: Problems setting up LVS-NAT

from [Thomas Lamy] [Permanent Link]
To: 'Julian Anastasov ' <ja@xxxxxx>, Thomas Lamy <Thomas.Lamy@xxxxxxxxxx>
Subject: AW: Problems setting up LVS-NAT
Cc: "''lvs-users@xxxxxxxxxxxxxxxxxxxxxx' '" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Thomas Lamy <Thomas.Lamy@xxxxxxxxxx>
Date: Fri, 2 Nov 2001 11:41:57 +0100 
 

-----Originalnachricht-----
> Julian Anastasov
>       Hello,
>
>On Fri, 2 Nov 2001, Thomas Lamy wrote:
>
>> Hi,
>> I spent some days now trying to build a simple LVS-NAT balancer based
>> on Linux 2.4.13.
>> All machines are SuSE 7.3 based, and do what they should as long as
>> ipvs is not loaded.
>>
>> Here's my setup:
>> RS1 192.168.10.1---                    --------
>>                    +---192.168.10.100 |Director| 194.xx.xx.xx-----
>> RS2 192.168.10.2---                    --------
>>
>> The director has a stock 2.4.13 plus ipvs-{0.8.2,0.9.5} patch applied.
>> I did "iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j
>> MASQUERADE", from this point I am able to do anything (outbound) on
>> the real servers.
>> Apache is running on the real servers, and nothing is listening on the
>> director's port 80 (telnet VIP 80 => connection refused).
>>
>> Then I enter:
>>  ipvsadm -A -t 194.xx.xx.xx:80 -s rr
>>  ipvsadm -a -t 194.xx.xx.xx:80 -r 192.168.10.1:80 -m
>>  ipvsadm -a -t 194.xx.xx.xx:80 -r 192.168.10.2:80 -m
>>
>>From now on I can't connect to the VIP (no "connection refused", no
>> connection). I can't even see any packet coming when using tcpdump
>> for the external NIC - it seems the packet has gone /dev/null
>> before landing in userland.
>>
>> I'm sure I've missed something simple - it must be something
>> related to
>> ipvs, and it doesn't seem to be a bug, as it occurs with 0.8.2
>> _and_ 0.9.5.
>>
>> Any help out there ?
>>
>       One of the main questions when using NAT is "Where is the
> client?". It is not shown. You can troubleshoot your problem, follow
> these steps:
>
>http://www.linuxvirtualserver.org/~julian/L4-NAT-HOWTO.txt
>
>There are so many ways to create setup that does not work.
>
Ok, the client is connected to the director's external NIC (inside the
194.xx.xx.xx net). It's a classic "NAT with 2 NICs" setup.
I already found and tried the HOWTO, but it is a bit unclear to me exactly
where i suspect my problem:
Q3:
A.4 All packets from the client are dropped

        - the requests are received on wrong interface with rp_filter
        protection
        - firewall rules drop the requests

What is rp_filter ? I have nothing filtered, but enabled masq with iptables.

One other note to add: I set the debug_level for ipvs to 255. All non-ipvs
related incoming packets are shown in syslog, but there is silence for all
packets destined for ipvs. I'm stuck.

Thomas
>
>Regards
>
>--
>Julian Anastasov <ja@xxxxxx>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: LVS on RedHat 7.2, Adam: Kurzawa
Next by Date:  Re: AW: Problems setting up LVS-NAT, Julian Anastasov
Previous by Thread:  Problems setting up LVS-NAT, Thomas Lamy
Next by Thread:  Re: AW: Problems setting up LVS-NAT, Julian Anastasov
Indexes:  [Date] [Thread] [Top] [All Lists]