Re: Accessing lvs service from the NAT router

To: "lvs-users@xxxxxxxxxxxxxxxxxxxxxx" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Accessing lvs service from the NAT router
From: Ian Millsom <ian@xxxxxxxxxxxxxxxxxxxx>
Date: Sat, 15 Feb 2003 18:47:02 +1100 (EST)
Sorry for the lateness in replying...

> On Wed, 12 Feb 2003, Ian Millsom wrote:
> > Yes and no. 2.4 kernels support internal NAT connections.
> > CONFIG_IP_NF_NAT_LOCAL=y
> > You MUST be using iptables, as ipchains will not work with this, as the
> > option is only applicable to iptables.
> > I have this working on the realservers, but not tested on the director
> > itself.
> 
> Can you elaborate on this?

Sure..
I'll do a quick drawing of the network in particular that I have it going on.
The reason I was looking for this was because our office uses an ADSL 
connection between it and the data centre. We then were on the inside of 
the LVS, and could not access any of the services on it, unless we created 
an entry (or ran a NS for internal) in the hosts file on the machine that 
you were working on in the office to point directly to the internal IP 
address of one of the realservers.

       [Data centre]
            |
        [firewall]
            |
         [switch]--------(Routable IP Addresses)
         /      \
  [director1][director2]------ eth0(203.x.x.x)/eth1(10.x.x.x) on both
         \      /              (Proxy arp enabled)
         [switch]--------(Non routable IP addresses)
         /      \---------+------+
[rs1] [rs2] [rs3] [rs4]   |      |
                        [NAS1] [NAS2]----- adsl vpn connection to office
                                 |------- (Here I created a tunnel between
                                 |         the office and the data centre)
                          [Office FW/Router]
                                 |
                              [switch]
                             /
                          [office machines]

> 
> I'm using that option, but I'm not understanding how it'd let me connect
> from a realserver to the virtual ip.. or is that not what you're doing?

Basically the directors now run a 2.4.20 kernel (Only one I have this 
working on so far).
Basics of rules are:

iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

None :)
Now I have not gone through the kernel code or doco heaps, but here is my 
basic understanding of how it is working..

But basically the request goes to the director from inside, internal NAT 
kicks in, puts the connection through the director and redirects it back 
to the realserver inside.

There was no special config I had to do in order to get it working other 
than having it enabled in the kernel.

Regards

Ian Millsom
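An added example, not part of Ian's post: a small POSIX shell script that checks the two things his setup relies on, the CONFIG_IP_NF_NAT_LOCAL kernel option and an empty iptables ruleset, against constructed sample input. The function names and the sample config/listing text are my own.

```shell
# Added example, not from Ian's post: two checks for a 2.4 LVS-NAT director set
# up the way the post describes. Both read text on stdin, so they can be fed
# from a file, a live command, or the constructed samples below.

# nat_local_state: prints y, m or n for CONFIG_IP_NF_NAT_LOCAL in a kernel
# .config read on stdin (e.g. /boot/config-$(uname -r) or the source tree's
# .config). Exit status is 0 only when the option is built in (=y).
nat_local_state() {
    state=$(sed -n 's/^CONFIG_IP_NF_NAT_LOCAL=\([ym]\)$/\1/p' | head -n 1)
    [ -n "$state" ] || state=n    # absent or "is not set" -> n
    printf '%s\n' "$state"
    [ "$state" = y ]
}

# filter_rule_count: reads `iptables -L -n` output on stdin and prints how many
# rule lines it holds, skipping "Chain ..." headers, column headers and blank
# lines. The post's listing (three empty built-in chains) gives 0.
filter_rule_count() {
    awk '
        /^Chain /            { next }
        /^target +prot +opt/ { next }
        /^[[:space:]]*$/     { next }
        { n++ }
        END { print n + 0 }'
}

# Constructed samples, not captured from any real host.
SAMPLE_CONFIG='CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_LOCAL=y'

EMPTY_LISTING='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

ONE_RULE_LISTING='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  10.0.0.0/8           0.0.0.0/0'

# On a real director you would run:
#   nat_local_state < /boot/config-$(uname -r)
#   iptables -L -n | filter_rule_count
printf '%s\n' "$SAMPLE_CONFIG" | nat_local_state     # prints y
printf '%s\n' "$EMPTY_LISTING" | filter_rule_count   # prints 0
```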