Mario Mene' wrote:
>
> First a description of the environment.
>
> I'm trying to setup an HA firewall/cache/nat-router
> with only 2 boxes as in ultramonkey streamlined
> configuration.
> (http://www.ultramonkey.org/2.0.0/topologies/sl-ha-lb-overview.html)
>
> On each box I have:
> - 2 NICs (internal & external)
> - Squid on port 3128
> - apache on port 80
> - LVS-DR
> - Forwarding ON
> - Masquerading rule for outgoing traffic
> - default gateway on external network
>
> each box is separately working the way it should.
it would be easier if you told us how it was working, in
case your idea of "should" turns out to be part of the
problem.
> Using heartbeat/ldirectord I set one box as the
> live director (x.x.x.1) and the other as stand by
> (x.x.x.2)
>
> The VIP (x.x.x.254) is the default GW for my network
> clients.
>
> I use fwmark to mark 0x01 all traffic to 0.0.0.0:80
> (http request to the internet)
> I use fwmark to mark 0x02 all traffic to x.x.x.254:80
> (http request to the cluster)
>
> The cluster supports 2 virtual services for
> fwmark 1 and fwmark 2 both routing to both servers
> (x.x.x.1 and x.x.x.2) using roundrobin policy
>
> I use iptables REDIRECT for x.x.x.254:80 traffic on
> the node
> that doesn't have the VIP (standby director)
just trying to follow here.
why are you accepting packets on the standby director?
> as in
> 17.3.2
> http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO.transparent_proxy.html#id2878595
>
> - connections to x.x.x.254:80 (apache) are working
> fine
> - connections to 0.0.0.0:80 are not, and this is a
> common problem
since you seem to be up on everything, I assume you know
that TP doesn't work for LVS on unpatched 2.4 kernels.
http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO.transparent_proxy.html#id2879042
Joe
--
Joseph Mack PhD, Senior Systems Engineer, SAIC contractor
to the National Environmental Supercomputer Center,
ph# 919-541-0007, RTP, NC, USA. mailto:mack.joseph@xxxxxxx
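For readers trying to reproduce the setup Mario describes (two fwmarks, one LVS-DR virtual service per mark, REDIRECT on the node without the VIP), here is an added example of how the rule set fits together. It is not Mario's or Joe's configuration and not part of the LVS HOWTO; the addresses (192.168.1.0/24, VIP 192.168.1.254, directors .1 and .2), the internal interface name eth1 and the squid port are placeholders. It prints the rules for review and only executes them when LVS_APPLY=1 is set, so a mistake in the marking rules can be caught before it reaches a production firewall. One thing added beyond the thread: the MARK rules are restricted to the internal interface and source network, so packets arriving on the external NIC are never marked and handed to squid.

```shell
#!/bin/sh
# Added example: generate (and optionally apply) the fwmark/LVS-DR rules for
# the two-box director/realserver layout discussed in the thread.
# All addresses and interface names below are assumed placeholders.
INT_IF="${INT_IF:-eth1}"                 # internal NIC (clients live here)
INT_NET="${INT_NET:-192.168.1.0/24}"     # internal network
VIP="${VIP:-192.168.1.254}"              # floating VIP, clients' default GW
DIRECTORS="${DIRECTORS:-192.168.1.1 192.168.1.2}"  # both boxes are realservers
SQUID_PORT="${SQUID_PORT:-3128}"

# Director side, mangle table:
#   fwmark 2 = web requests for the VIP itself (cluster apache)
#   fwmark 1 = web requests from inside to anywhere else (proxy path)
# Matching -i/-s keeps traffic from the external NIC from ever being marked.
mangle_rules() {
  cat <<EOF
iptables -t mangle -A PREROUTING -i $INT_IF -s $INT_NET -p tcp -d $VIP --dport 80 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i $INT_IF -s $INT_NET -p tcp ! -d $VIP --dport 80 -j MARK --set-mark 1
EOF
}

# Director side, ipvsadm: one round-robin DR service per fwmark, with both
# boxes as realservers (-g = direct routing / gatewaying).
ipvs_rules() {
  for mark in 1 2; do
    echo "ipvsadm -A -f $mark -s rr"
    for rs in $DIRECTORS; do
      echo "ipvsadm -a -f $mark -r $rs -g"
    done
  done
}

# Realserver side, applied only on the node that does NOT hold the VIP
# (the standby director), following the HOWTO's REDIRECT approach:
# VIP traffic becomes local for apache, everything else goes to squid.
standby_redirect_rules() {
  cat <<EOF
iptables -t nat -A PREROUTING -i $INT_IF -p tcp -d $VIP --dport 80 -j REDIRECT --to-ports 80
iptables -t nat -A PREROUTING -i $INT_IF -p tcp ! -d $VIP --dport 80 -j REDIRECT --to-ports $SQUID_PORT
EOF
}

# Review by default; execute only when explicitly asked for.
run_rules() {
  while IFS= read -r cmd; do
    if [ "${LVS_APPLY:-0}" = "1" ]; then
      eval "$cmd"
    else
      echo "$cmd"
    fi
  done
}

# Usage on the active director:   { mangle_rules; ipvs_rules; } | run_rules
# Usage on the standby node:       standby_redirect_rules | run_rules
{ mangle_rules; ipvs_rules; } | run_rules
```

Run it once without LVS_APPLY to read the generated commands, then again with LVS_APPLY=1 on each box. Note that on the standby node the realserver REDIRECT rules have to be removed when heartbeat fails the VIP over to it, otherwise the new director would REDIRECT what it should be load-balancing.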