Good day!
I have been unable to get Tunneling working in the following setup. Some of
you may ask, why is he using Windows? Well, it's not my choice, it's for one
of our clients.
Basically this was the best solution I could find out there to try, if
anyone has any suggestions if there's maybe a more suitable project for the
situation, please let me know.
The client wants to have a firewall running in front of this Windows 2000
box. But, they also have a co-located box running from another connection
somewhere else in Canada. They want the box we host to be the primary
server, and that in the event that it fails, for the director to redirect
requests to the secondary box.
From what I've read this can be achieved using the wlc algorithm, Tunneling
and setting a huge weight on the primary system.
What I am having trouble with is getting the requests to get past the
director to the Windows box. From what I've read I'm not even sure that this
is possible.
I have set up the following. Once it works I will be putting the real server
behind the director on a non-routable network with an extra interface attached
to the public side, but for the time being I just need to get it working.
DIP = 139.142.230.71
RIP = 139.142.230.70
VIP = 139.142.230.72
                        ----------
                        | client |
                        ----------
                             |
     |---------------------------------------------|
     | VIP 139.142.230.72    |                     |
     | DIP 139.142.230.71    | RIP 139.142.230.70  | RIP ?.?.?.?
------------            ------------            -------
| Director |            | Real Srv |            | RS2 |
------------            ------------            -------
RH7.1 2.4.16                W2K
On the director, I've got it set up as follows
ifconfig eth0 139.142.230.71 netmask 255.255.255.128 up
ifconfig tunl0 up
echo 1 > /proc/net/sys/ipv4/all/hidden
ifconfig tunl0:0 139.142.230.72 netmask 255.255.255.255 broadcast 139.142.230.72 up
echo 1 > /proc/net/sys/ipv4/tunl0/hidden
ipvsadm -A -t 139.142.230.72:80 -s wlc
ipvsadm -a -t 139.142.230.72:80 -r 139.142.230.70 -i -w 100
On the Windows box I've configured the MS Loopback address as follows
Loopback 139.142.230.72
mask (via regedt32) 255.255.255.255
gw 139.142.230.72
metric 254
After all is said and done and I try to connect, ipvsadm shows the following
in its table:
IP Virtual Server version 0.9.8 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP s230-72.idyia.ca:http wlc
-> s230-70.idyia.ca:http Tunnel 100 0 1
Shows the connection as being inactive. I'm assuming that my problem lies
with the Windows box. But there must be a patch or project somewhere out
there or someone who's dealt with a similar problem before.
If someone could help it would be GRRRRREATT!
Until then, cheers
Ben Shellrude
Sr. Network Analyst