I'm following up to my previous email because I'm still having some
strange problems with this.
After fixing the problem of having the port and protocol listed in the
SERVICE line I was able to start the virtual server for my LVS IP
(10.80.1.20). As soon as it started, I lost the ability to reach this
machine through the firewall. I could still reach my realservers, so I
sshed into them and was able to connect via rr DR to my realservers
through my virtual server ip. I was also able to connect to my nameserver
(on the same machine as the director) which was on 10.80.1.5 on the same
interface as the virtual server (10.80.1.20).
Does anyone know what might cause a firewall to stop routing packets
intended for the director?
Possibly relevant information:
Original configuration before the problems started:
eth0
eth0->10.80.1.5 (nameserver realserver ip)
eth0:1->10.80.1.41 (apache realserver ip)
eth1
eth1->10.80.1.11 (VIP for bea)
eth1:1->10.80.1.20 (VIP for zope)
eth1:2->10.80.1.30 (reserved but not active VIP for ZEO)
eth1:3->10.80.1.40 (VIP for apache)
Configuration changes which were followed by problems
(first try)
eth0 -> disabled
eth1
eth1->10.80.1.11 (VIP for bea)
eth1:1->10.80.1.20 (VIP for zope)
eth1:2->10.80.1.30 (reserved but not active VIP for ZEO)
eth1:3->10.80.1.40 (VIP for apache)
eth1:4->10.80.1.5 (nameserver realserver ip) (would work)
eth1:5->10.80.1.41 (apache realserver ip) (would not come up with error
SCIOCFLAGS: could not assign requests address)
eth1:6->10.80.1.50 (VIP for MTA (Qmail)) (would not come up with error
SCIOCFLAGS: could not assign requests address)
(second try)
eth0 -> disabled
eth1
eth1->10.80.1.5 (nameserver realserver ip)
eth1:1->10.80.1.11 (VIP for bea)
eth1:2->10.80.1.20 (VIP for zope) (would not come up with error
SCIOCFLAGS: could not assign requests address)
eth1:3->10.80.1.30 (reserved but not active VIP for ZEO) (would not come
up with error SCIOCFLAGS: could not assign requests address)
eth1:4->10.80.1.40 (VIP for apache) (would not come up with error
SCIOCFLAGS: could not assign requests address)
eth1:5->10.80.1.41 (apache realserver ip) (would not come up with error
SCIOCFLAGS: could not assign requests address)
eth1:6->10.80.1.50 (VIP for MTA (Qmail)) (would not come up with error
SCIOCFLAGS: could not assign requests address)
(latest attempt)
eth0 -> disabled
eth1
eth1->10.80.1.5 (nameserver realserver ip) (starts fine. Will work
through firewall as long as 10.80.1.20 isn't up)
eth1:1->10.80.1.11 (VIP for bea) (same as 10.80.1.5)
eth1:2->10.80.1.20 (VIP for zope) (I deleted the ifcfg-eth1:2 file and
this interface is started by rc.lvs_dr with success, but when it comes up
I lose the ability to reach any ip through the firewall)
eth1:3->10.80.1.30 (configuration deleted)
eth1:4->10.80.1.40 (configuration deleted)
eth1:5->10.80.1.41 (configuration deleted)
eth1:6->10.80.1.50 (configuration deleted)
Just to clear things up, let me just post my configuration:
#                 ________
#                |        |
#                | client |
#                |________|
#                    |  CIP=eth1 10.80.1.3 (gateway/firewall)
#                    |
#                    |       __________
#                    |      |         |
#                    |------| director|
#                    |      |_________|
#                    |  VIP=eth1:2 10.80.1.20/32 (prod-zope-atl)
#                    |  DIP=eth1 10.80.1.5 (ns.dmz-atl.bogus)
#                    |
#                    |
#          --------------------
#          |                  |
#          |                  |
#   ______________     ______________
#  |              |   |              |
#  | realserver1  |   | realserver2  |
#  |______________|   |______________|
#   RIP1=eth1          RIP2=eth1
#   10.80.1.21         10.80.1.22
#   prod-zope-atl01    prod-zope-atl02
#
And here are the lines in lvs_dr.conf.one_NIC_one_network_matt
LVSCONF_FORMAT=1.1
LVS_TYPE=VS_DR
INITIAL_STATE=on
CLEAR_IPVS_TABLES=yes
VIP=eth1:2 prod-zope-atl.dmz-atl.bogus 255.255.255.255 10.80.1.255
#I also tried the below:
#VIP=eth1:2 10.80.1.20 255.255.255.255 10.80.1.255
DIP=eth1 ns.dmz-atl.bogus 10.80.1.0 255.255.255.0 10.80.1.255
#I also tried the below:
#DIP=eth1 10.80.1.5 10.80.1.0 255.255.255.0 10.80.1.255
SERVICE=t http 8080 rr 10.80.1.21 10.80.1.22
SERVER_VIP_DEVICE=lo:1
SERVER_NET_DEVICE=eth1
SERVER_GW=10.80.1.3
> parse_hostname: error: gethostbyname failure - Couldn't lookup hostname rr
I don't have many previous emails here about your configuration, but I'm
guessing rr is 'round robin', the scheduling policy. This is being read as
a hostname for some reason?
Jeremy
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users