Hi all,
I am currently testing the LVS system for an SMTP gateway to filter all incoming
and outgoing mail.
For the moment, my servers run Postfix (and later SpamAssassin + amavis)
with kernel 2.4.19 and the ipvs & hidden patches (same for the director).
Here is some information about my topology:
I use LVS-DR with 1 director and 2 real servers:
Director
VIP=eth0:185 192.168.225.185/32
DIP=eth0:182 192.168.225.182
Real servers
RIP1=eth0 192.168.225.183
RIP2=eth0 192.168.225.184
My lvs_dr.conf
#----------lvs_dr.conf----------------------------------------
LVSCONF_FORMAT=1.1
LVS_TYPE=VS_DR
INITIAL_STATE=on
CLEAR_IPVS_TABLES=yes
#VIP line format - device[:alias] IP netmask broadcast
#To help avoid namespace collisions with other VIPs, I set alias=last number of VIP (here 110).
#note: for VS-DR, VS-Tun, the IP is in a /32 network
VIP=eth0:185 192.168.225.185 255.255.255.255 192.168.225.185
#DIP line format - device[:alias] IP network netmask broadcast
DIP=eth0:182 192.168.225.182 192.168.225.0 255.255.255.0 192.168.225.255
#no DIRECTOR_GW for VS-DR or VS-Tun
#DIRECTOR_GW=
#SERVICE line format - proto port scheduler IP[,weight] [IP[,weight]]
SERVICE=t smtp rr 192.168.225.183 192.168.225.184
#SERVICE=t ftp rr RS1,1 RS2,2
#SERVICE=t http rr RS1 RS2
SERVER_VIP_DEVICE=lo:185
SERVER_NET_DEVICE=eth0
#SERVER_GW - packets with src_addr=VIP, dst_addr=0/0 are sent to SERVER_GW
#to be forwarded to the outside world.
#For standard VS-DR,VS-Tun, this must _NOT_ be the director.
#For Julian's martian modification (see the HOWTO), it will be the director.
#If you don't know about the martian modification, you aren't using it.
#The script will not necessarily set up the SERVER_GW as the real-servers' default gw.
SERVER_GW=192.168.225.250
#----------end lvs_dr.conf------------------------------------
This works nearly fine (connection and load balancing) and I can relay mail
to the SMTP server in the same network.
But my virtual problem is:
- The real servers are unable to pass through the gateway to contact other
networks: I'm unable to connect to the Internet and so to deliver outgoing
mail :(
The maillog output: Network unreachable.
So, I manually added the default gateway with
#route add default gw 192.168.225.250
And now, I get no answer from the remote host (with tcpdump, I see my
server trying to connect to the remote SMTP port but without response).
I can't ping hosts in other networks.
If I do an ip route show table RIP on the 2nd real server:
192.168.225.0/24 dev eth0 scope link src 192.168.225.184
default via 192.168.225.182 dev eth0
and an ip route show table VIP:
default via 192.168.225.250 dev eth0
Without LVS, my gateway works fine, so this is not a Postfix configuration
problem.
My gateway is 2 Cisco routers with HSRP (192.168.225.250 is the "virtual"
IP).
Any help would be much appreciated.
Regards,
Laurent