Jeff wrote:
> I used the following iptables commands on the Director:
>
> iptables -F -t mangle
> iptables -t mangle -A PREROUTING -i eth0 -p tcp -s 0.0.0.0/0 -d 90.0.0.35/32 --dport http -j MARK --set-mark 1
> iptables -t mangle -A PREROUTING -i eth0 -p tcp -s 0.0.0.0/0 -d 90.0.0.35/32 --dport https -j MARK --set-mark 1
>
> followed by the following ipvsadm commands:
>
> ipvsadm -A -f 1 -s wlc -p 1200
> ipvsadm -a -f 1 -r 192.168.32.1:0 -i
> ipvsadm -a -f 1 -r 192.168.32.6:0 -i

Looks OK enough (never done it with :0 for persistence though).

> On the real servers, I entered the following:
>
> ifconfig tunl0 90.0.0.35 netmask 255.255.255.255 broadcast 90.0.0.35 up
> route add -host 90.0.0.35 dev tunl0

OK

I was hoping to try this out today to see what might be wrong, but I probably
won't have time.

> Unfortunately, I'm missing something. I believe it may have to do with the
> lack of a VIP on the Director because when I try and access 90.0.0.35 from
> the client, using tcpdump on eth0 of the Director, I can see the arp request
> for 90.0.0.35, but the Director doesn't answer.

Quite reasonably :-)

> Somehow I must need to
> locally route all traffic destined for the VIP to 90.0.0.30 and then
> iptables (Fwmarks) should do its stuff, right?

You have to tell the client/router to send packets for the VIP to the director.
This is mentioned in
http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO-7.html#ss7.10
but could be better explained.

On the client (router) you could try the
$route add -host
or the /etc/ethers method in
http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO-4.html#ss4.2

Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA