
RE: rc.lvs_nat errors

To: "'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: rc.lvs_nat errors
From: "Lizambri, Todd" <tlizambri@xxxxxxxxxxxx>
Date: Wed, 16 Jan 2002 15:12:43 -0500
Hello,

>  > I'm not using iproute2. I'm using ifconfig/route (via Joe's configure
>  > script)
> 
> Could you please also give me the output of 'ip addr show'?

[root@penguin1 lizambri]# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:d0:b7:b9:f9:7f brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.1/24 brd 192.168.1.255 scope global secondary eth0:1
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:d0:b7:b9:f9:7e brd ff:ff:ff:ff:ff:ff
    inet 10.139.60.127/22 brd 10.139.63.255 scope global eth1
    inet 10.139.60.121/32 brd 10.139.60.121 scope global eth1:121
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 100
    link/ether 00:30:48:11:2e:6f brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 100
    link/ether 00:30:48:11:28:dd brd ff:ff:ff:ff:ff:ff

> 
>  > #               ________
>  > #              |        |
>  > #              | client |
>  > #              |________|
>  > #           CIP=eth0 10.139.60.1
>  > #                  |
>  > #                  |
>  > #        VIP=eth1:121 10.139.60.121/22
> 
> Could you change the netmask to /32?

OK. Did it. I see no difference so far.

>  > #              __________
>  > #             |          |
>  > #             | director |
>  > #             |__________|
>  > #        DIP=eth0:1   192.168.1.1
>  > #                  |
>  > #                  |
>  > #                  |
>  > #         --------------------------------------------------
>  > #         |                 |                |             |
>  > #         |                 |                |             |
>  > #     RIP1=eth0         RIP2=eth0          RIP3=eth0    RIP4=eth0
>  > #    192.168.1.2      192.168.1.3       192.168.1.4   192.168.1.5
>  > #   ______________    ______________    ___________   ___________
>  > #  |              |  |              |  |           | |           |
>  > #  | realserver1  |  | realserver2  |  |   rs3     | |    rs4    |
>  > #  |______________|  |______________|  |___________| |___________|
>  >
>  > I'm using the LVSCONF_FORMAT=1.1. The lvs_nat.conf template suggests an
>  > alias for the VIP and the DIP. In this case, I don't think they are
>  > 'secondary', but I assumed supplying the alias wouldn't be a problem.
> 
> This I don't know. I'm not very familiar with Joe's scripts.

I am now using aliases (because that's the way Joe has been testing his
scripts). That cleared one minor problem that I was having.


>  > I'm new to this, so please bear with me. I am using
>  > VS-NAT, so I assume all traffic comes back through my director. Without the
>  > default GW I don't get any traffic back to my clients. I think Friday's
>  > discussion was for VS-TUN??? In install_director_gw() this code section is
>  
> Reading your setup you shouldn't need a DGW at all. Packets from
> VIP:VIPPORT are forwarded to a RS of choice. And they route it back to
> DIP. And it should get masq'd.
> 

Ok, I think I confused you with my diagram above. My "clients" are
actually on a network other than the VIP's network. What I listed above
as "client" is actually the IP address of my router. Sorry if I confused
you. Joe's script removes my default route and doesn't put it back :-(.
If I put in a simple DEFAULT_GW=10.139.60.1 into his script, it works
great (this script makes set-up a piece of cake - thanks Joe)!!!

>  > IP Virtual Server version 0.8.2 (size=4096)
>  > Prot LocalAddress:Port Scheduler Flags
>  >   -> RemoteAddress:Port             Forward Weight ActiveConn InActConn
>  > TCP  10.139.60.121:4300 rr
>  >   -> 192.168.1.5:4300               Masq    1      0          3
>  >   -> 192.168.1.4:4300               Masq    1      0          3
>  >   -> 192.168.1.3:4300               Masq    1      0          3
>  >   -> 192.168.1.2:4300               Masq    1      0          3
> 
> Hmm, ok this indicates that the packets at least get back to the
> director. Could you please show me a 'iptables -n -t nat -L'?

OK here it is. Why do I see nothing here?
[root@penguin1 lizambri]# iptables -n -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination     

Thanks,
-Todd
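
Added example (not part of Todd's message and not code from Joe's configure script): a Python check of the director's LVS-NAT addressing, run over constructed input trimmed from the `ip addr show` and ipvsadm output quoted in the message. The function names, the `dip_label` and `has_default_route` parameters, and the off-link client address 198.51.100.7 are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample input, trimmed from the command output quoted in the message.
IP_ADDR_SHOW = """\
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.1/24 brd 192.168.1.255 scope global secondary eth0:1
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    inet 10.139.60.127/22 brd 10.139.63.255 scope global eth1
    inet 10.139.60.121/32 brd 10.139.60.121 scope global eth1:121
"""
IPVSADM = """\
TCP  10.139.60.121:4300 rr
  -> 192.168.1.5:4300               Masq    1      0          3
  -> 192.168.1.2:4300               Masq    1      0          3
"""

def parse_ip_addr(text):
    """Map each interface label to its address from `ip addr show` inet lines."""
    pat = r"^\s+inet (\S+) .*scope \S+ (?:secondary )?(\S+)\s*$"
    return {m.group(2): ipaddress.ip_interface(m.group(1))
            for m in re.finditer(pat, text, re.M)}

def parse_ipvsadm(text):
    """Return (vip, [rip, ...]) for the virtual service and its Masq realservers."""
    vip = re.search(r"^(?:TCP|UDP)\s+([\d.]+):\d+", text, re.M).group(1)
    rips = re.findall(r"^\s+->\s+([\d.]+):\d+\s+Masq", text, re.M)
    return ipaddress.ip_address(vip), [ipaddress.ip_address(r) for r in rips]

def check_lvs_nat(addrs, vip, rips, dip_label, client, has_default_route):
    """Return a list of problems with the director's LVS-NAT addressing."""
    problems = []
    if vip not in {a.ip for a in addrs.values()}:
        problems.append(f"VIP {vip} is not configured on the director")
    dip = addrs[dip_label]
    for rip in rips:
        if rip not in dip.network:  # replies must route back through the DIP
            problems.append(f"realserver {rip} is outside DIP network {dip.network}")
    # A client on no directly connected network is only reachable via a default route.
    on_link = any(client in a.network for a in addrs.values())
    if not on_link and not has_default_route:
        problems.append(f"client {client} is off-link and there is no default route")
    return problems
```

With the router address 10.139.60.1 as the client the check passes without a default route; with a client on another network it reports the missing route, which is the situation described in the message.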
