Tim Cronin wrote:
I've got lvs_nat working with http and ftp
I've got a two nic box on two networks
eth0 is my external interface
So you load balance incoming requests (over eth0) and distribute the
incoming traffic after the NAT over eth1 to the RS?
I have the following in my iptables script
modprobe ip_conntrack
modprobe ip_conntrack_ftp
iptables -A INPUT -i eth0 -p tcp ! --syn \
-m state --state NEW -j LOG --log-prefix "IPTABLES SYN: "
Add a --log-tcpflags to see more.
iptables -A INPUT -i eth0 -p tcp ! --syn -m state --state NEW -j REJECT
with these enabled both http and ftp are unavailable from the external
network and I get log entries.
What do they look like, the log entries I mean?
IIRC, with the semantics of iptables and your rules you REJECT packets with
the state NEW (every incoming packet). Of course this can't work.
Besides that this is a netfilter issue and not an LVS one. Check the
outgoing ICMP messages from your load balancer with 'tcpdump -nvi eth0
icmp'. If you see one ICMP packet for every request from the Internet to
your box, you know why ;).
Best regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc
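The reply asks what the "IPTABLES SYN:" log entries look like, because the TCP flags the LOG target prints are what tell you why a non-SYN packet was NEW to conntrack. The following Python script is an added example, not code from either poster; it parses netfilter LOG lines in the kernel's usual key=value layout (flags appear as bare tokens such as ACK PSH after RES=), groups the rejected packets by source, destination port and flag pattern, and labels each pattern with the usual defender-side explanation (mid-stream segment after a conntrack flush or asymmetric path, untracked SYN-ACK reply, malformed probe). The log lines below are constructed samples, not captured traffic; the field names follow the LOG target output, everything else is assumed.

```python
import re
from collections import Counter

# Constructed sample kernel log lines in the layout of the netfilter LOG target,
# using the "IPTABLES SYN: " prefix from the rule in the thread. Not real traffic.
SAMPLE_LOG = """\
Jan 10 12:00:01 lb kernel: IPTABLES SYN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=1001 DF PROTO=TCP SPT=51234 DPT=80 WINDOW=512 RES=0x00 ACK URGP=0
Jan 10 12:00:02 lb kernel: IPTABLES SYN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=1002 DF PROTO=TCP SPT=51234 DPT=80 WINDOW=512 RES=0x00 ACK PSH URGP=0
Jan 10 12:00:03 lb kernel: IPTABLES SYN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.44 DST=203.0.113.10 LEN=40 TOS=0x00 PREC=0x00 TTL=120 ID=1003 PROTO=TCP SPT=40000 DPT=21 WINDOW=1024 RES=0x00 URGP=0
Jan 10 12:00:04 lb kernel: IPTABLES SYN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.44 DST=203.0.113.10 LEN=40 TOS=0x00 PREC=0x00 TTL=120 ID=1004 PROTO=TCP SPT=40001 DPT=21 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
Jan 10 12:00:05 lb kernel: IPTABLES SYN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.99 DST=203.0.113.10 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=1005 DF PROTO=TCP SPT=20 DPT=50123 WINDOW=5840 RES=0x00 ACK SYN URGP=0
"""

# Flag tokens the LOG target emits for TCP, in the order the kernel prints them.
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse_log_line(line):
    """Parse one LOG line into a dict of key=value fields plus FLAGS (frozenset).

    Returns None for lines that are not TCP LOG entries.
    """
    toks = line.split()
    if "PROTO=TCP" not in toks:
        return None
    start = toks.index("PROTO=TCP")
    fields = {}
    for tok in toks:
        if "=" in tok:
            key, _, value = tok.partition("=")
            fields[key] = value
    # Flags are bare words after PROTO=TCP; restricting the scan to that part
    # keeps log prefixes such as "IPTABLES SYN:" from being mistaken for flags.
    fields["FLAGS"] = frozenset(t for t in toks[start + 1:] if t in TCP_FLAGS)
    return fields


def classify(flags):
    """Give the usual explanation for a packet that is NEW to conntrack but not a SYN."""
    if flags == {"SYN"}:
        return "plain syn (would not match '! --syn')"
    if "SYN" in flags and "ACK" in flags:
        return "syn-ack reply to a connection conntrack never saw"
    if "RST" in flags:
        return "reset for an untracked connection"
    if not flags:
        return "no flags set (malformed / null probe)"
    if flags >= {"URG", "PSH", "FIN"}:
        return "urg+psh+fin (malformed / xmas probe)"
    if "ACK" in flags:
        return "mid-stream segment unknown to conntrack (table flushed, asymmetric path, or stale connection)"
    return "other non-syn flag combination"


def summarize(log_text):
    """Count rejected packets by (source, destination port, explanation)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None:
            continue
        counts[(rec["SRC"], rec["DPT"], classify(rec["FLAGS"]))] += 1
    return counts


if __name__ == "__main__":
    for (src, dport, reason), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:4d}  {src:>15s} -> dpt {dport:<6s} {reason}")
```

On a real load balancer you would feed it `grep 'IPTABLES SYN:' /var/log/messages` (path assumed) instead of SAMPLE_LOG. A large count of ACK-only segments from many sources right after a rule reload points at a flushed conntrack table or a path where one direction of the flow bypasses the box, which is exactly the condition that makes legitimate HTTP and FTP traffic hit the REJECT rule.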