If I'm reading it right, I think we already tried that.
I have a server that runs in JBoss. JBoss has several ports bound to a
single IP address. These are for jndi, rmi, jms, etc. I would assume
there are separate threads running to deal with each port. Whatever the
case, the entities behind each port need to talk to each other. I give
JBoss a hostname. This hostname can resolve to a public IP (that my ISP
gave me, is this the VIP?) or the IP of the actual ethernet interface on
the server (the LAN IP, is this the RIP?) If the hostname resolves to
the LAN IP, then JBoss starts fine, but it gives this internal IP to
clients, and they can't connect to the other ports that JBoss has open
because of it. If the hostname resolves to the public IP, then JBoss
doesn't start properly.
On my lan, I have hostnames like <host>.ipvs-priv.unboundtech.com, which
are all handled in /etc/hosts files (small lan). For each host that has
publicly available servers running, I have a corresponding DNS entry of
<host>.unboundtech.com, which resolves to an IP address bound to an
aliased interface (eth0:n) on the NAT box (running ipvs). We want to
give JBoss the public DNS resolvable name, which resolves to a public IP
on the NAT box. The lookup is performed and threads in JBoss can't talk
to each other, because it resolves to the public IP address, and stuff
can't get back in thru the NAT (this is what I want to change). So we
tried putting the DNS name in /etc/hosts with the lan IP. This worked
for JBoss, but JBoss gave that lan IP to clients (clientA in my previous
example) and the clients would try to connect to that LAN ip address for
the other threads (which doesn't work across the internet).
So I've tried giving JBoss a hostname which, via DNS, resolves to the
public IP on the ipvs box, but via /etc/hosts yields a private lan IP
before going to DNS. I believe this is what the indexing bit in the
HOWTO was suggesting for NAT. It didn't work for me. I need to be able
to give JBoss a hostname which resolves to the public IP address, and
all the threads can talk to each other via that IP address. I don't know
if they are indeed threads or other processes or what. I don't know why
they don't just use localhost or why the server needs to give the client
the IP address it resolved. I just know that this is how it currently
operates, and I'm trying to make it work behind ipvs.
I feel I need to interject that I believe all my problems are due to
either JBoss or the server running in JBoss. I'm just trying to find a
way to route around those problems.
My ssh example was just that I can't ssh to serverA via the public IP
from a machine on the lan. Traffic can't seem to go from the lan, out to
the NAT, and back in. It can come in from the internet or direct from
the lan.
Sorry for the long emails.
Joseph Mack wrote:
Justin Georgeson wrote:
I'm not sure I stated my problem correctly, the first link was about NFS
and file locking,
look again (below)
Let's say we have clientA coming in from the internet, and clientB
coming from the LAN. Between the two I have a box with ipvs NAT rules.
On the LAN I have serverA. On the NAT box, I have virtual eth interfaces
defined, one is for serverA.
if you're talking about an LVS I don't know what this means. In an LVS-NAT the
VIP is forwarded to the RIPs one of which could be on serverA,
if this is what you mean.
So I forward/NAT ports on that IP to the
relevant port on the lan IP of serverA. There is a DNS name resolvable
to the internet IP of serverA,
but serverA is not on the internet.
and a hostname internal to the LAN, using
/etc/hosts, that resolves to the LAN IP of server A. From clientA, I can
ssh to the public DNS name or its IP address.
do you mean you can ssh to the VIP?
From clientB, I can ssh to
the internal LAN name or its IP address. I can't, from clientB, ssh to
the public DNS name or its IP address.
just so you know, client B can't be a server
http://www.linuxvirtualserver.org/Joseph.Mack/mini-HOWTO/LVS-mini-HOWTO.html#gotchas
Looking at the little diagram below, clientB can *only* ssh to
192.168.10.0/24, and not to an IP/FQDN bound on the public side of
ipvs/NAT.
clientA
|
Internet
|
ipvs/NAT
|
(192.168.10.0/24)
|
serverA,clientB
Now, you might ask, so what? And I would agree. But, I have this
JBoss/Tomcat server
running on serverA?
that this poses a problem for. I need to give it the
FQDN
of what?
when I start it
. If that name resolves to the public IP address
(VIP?), it can't make connections between components. If that name
resolves to the internal LAN IP (RIP?) address, then [external] clients
can't connect to other components because the server gives them that
internal IP address, for which there is no route. I put external in
brackets there because there will never be a case of internal clients.
The server and ipvs are in a rack in a hosting center, in another city.
I'm sorry, there are more "it"s and "that"s in here than I can handle.
If you need to try again, give diagrams with the call from the client and
what you want to have happen in each case, and why it doesn't work.
I take it you want to connect to a private IP or a public IP depending
on where you are calling from. In both cases you need to use the same name.
Can you have different entries in /etc/hosts on the two different clients?
original reply
A similar problem, of indexing, was solved by Ted Pavlic
^^^^^^^
http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO-9.html#ss9.22
Joe
--
Justin Georgeson
UnBound Technologies, Inc.
http://www.unboundtech.com
Main 713.329.9330
Fax 713.460.4051
Mobile 512.789.1962
5295 Hollister Road
Houston, TX 77040
Real Applications using Real Wireless Intelligence(tm)
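The dilemma in the thread (the JBoss hostname must resolve to the RIP for the server to start, but to the VIP for Internet clients, and a LAN host can never reach the VIP back through the NAT box) can be checked with a small model of glibc's nsswitch lookup order plus the LVS-NAT reachability rule from Joe's diagram. This is an added example, not code from the original mail or from LVS or JBoss; the hostnames follow the naming scheme in the mail, 192.168.10.0/24 is the LAN from the diagram, and the VIP 203.0.113.10 (a documentation address), the RIP 192.168.10.20 and the /etc/hosts contents are constructed assumptions.

```python
"""Model of the split-horizon resolution problem from the thread.

Added example (not from the original mail, LVS or JBoss). Addresses,
names and /etc/hosts contents are constructed for illustration.
"""
import ipaddress

LAN_NET = ipaddress.ip_network("192.168.10.0/24")   # from the diagram in the thread
RIP = "192.168.10.20"                               # assumed LAN address of serverA
VIP = "203.0.113.10"                                # assumed public address on the ipvs/NAT box

# Constructed /etc/hosts on serverA as tried in the thread: the public name
# is overridden locally with the LAN IP so that JBoss can start.
SERVER_HOSTS_WITH_OVERRIDE = f"""\
127.0.0.1  localhost
{RIP}      servera.ipvs-priv.unboundtech.com servera
{RIP}      servera.unboundtech.com
"""

# Constructed /etc/hosts on serverA without the override: the public name
# then falls through to DNS and yields the VIP.
SERVER_HOSTS_PLAIN = f"""\
127.0.0.1  localhost
{RIP}      servera.ipvs-priv.unboundtech.com servera
"""

# Constructed public DNS zone: the public name points at the VIP.
PUBLIC_DNS = {"servera.unboundtech.com": VIP}


def parse_hosts(text):
    """Parse /etc/hosts lines ('addr name [alias...]', '#' comments)."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), addr)   # first match wins, like glibc
    return table


def resolve(name, hosts_text, dns, order=("files", "dns")):
    """Look a name up the way glibc does for 'hosts: files dns' in nsswitch.conf."""
    name = name.lower()
    for source in order:
        if source == "files":
            hit = parse_hosts(hosts_text).get(name)
        elif source == "dns":
            hit = dns.get(name)
        else:
            raise ValueError(f"unknown nsswitch source {source!r}")
        if hit:
            return hit
    return None


def reachable(vantage, addr):
    """LVS-NAT reachability rule from the thread.

    'lan'      : LAN hosts (serverA, clientB) reach only LAN addresses; there is
                 no hairpin path out through the NAT box and back in to the VIP.
    'internet' : Internet clients (clientA) reach only the VIP, never the RIP.
    """
    ip = ipaddress.ip_address(addr)
    if vantage == "lan":
        return ip in LAN_NET
    if vantage == "internet":
        return ip not in LAN_NET and not ip.is_loopback
    raise ValueError(f"unknown vantage {vantage!r}")


def jboss_outcome(server_hosts, dns, client_vantage="internet"):
    """JBoss binds to whatever its FQDN resolves to on serverA and hands that
    literal address to clients for the other ports. Return
    (resolved_address, components_can_talk, client_can_connect)."""
    addr = resolve("servera.unboundtech.com", server_hosts, dns)
    components_ok = reachable("lan", addr)          # JBoss talking to itself from serverA
    client_ok = reachable(client_vantage, addr)     # clientA using the advertised address
    return addr, components_ok, client_ok
```

Running `jboss_outcome` with each /etc/hosts variant reproduces both failure modes in the mail: with the override the name resolves to the RIP, the server starts but hands an unroutable LAN address to Internet clients; without it the name resolves to the VIP, Internet clients could connect but the server's own components cannot reach that address from the LAN. Putting the override only on the server and leaving DNS alone is therefore not enough as long as JBoss advertises the address it bound to.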