yes...
On Mon, 2003-10-06 at 18:00, lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx wrote:
> ______________________________________________________________________
>
> Today's Topics:
>
> 1. lvs problem (Oliver)
> 2. Re: lvs problem (Horms)
> 3. Re: LVS and REDIRECT and Policy Routing [Was: Re: LVS-DR and fwmarks question] (Joseph Mack)
> 4. Re: lvs problem (Joseph Mack)
>
> ______________________________________________________________________
>
> From: Oliver <oliver.rojo@xxxxxxxxxxx>
> To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Subject: lvs problem
> Date: 06 Oct 2003 11:39:24 +0800
>
> My IPs:
>
> Here's my setup
>
> I have two lvs (lvs1 and 2) servers. I wish to allow users from both
> outside and inside our network to use ftp service. Of course I have my
> ftp realserver and a backup ftp server (serves as failover to my ftp
> server).
>
> LVS external interface(eth0) = 176.18.24.2
> External VIP for FTP and backup-ftp realservers = 176.18.24.1
> LVS internal interface (eth1) = 10.0.0.2
> internal VIP our realserver will use as gateway = 10.0.0.1
> ip_of_ftp_server = 10.0.0.3
> back_ftp = 10.0.0.4
>
> I've used keepalived + ipvsadm here: ipvsadm now says:
>
> Prot LocalAddress:Port Scheduler Flags
> -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> TCP VIP_of_FTP:ftp rr
> -> IP_OF_FTP_SERVER:ftp Masq 1 0 0
> -> IP_OF_BACKUP_SERVER:ftp Masq 1 0 1
>
> In my iptables rules I did:
>
> iptables -t nat -A PREROUTING -d 10.0.0.1 -p tcp --dport 21 -j DNAT --to-destination 10.0.0.4
>
> iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -j MASQUERADE
>
>
> Now when I stop the ftp service on ftp_server, my internal/local users
> can still access the ftp since keepalived is redirecting the packet into
> backup_ftp server at port 21, but I can't understand why users from
> outside our network cannot use ftp. What seems to be the problem on my
> setup? Is there anything missing on my config?
>
>
> Please advise... thanks
>
> ______________________________________________________________________
>
> From: Horms <horms@xxxxxxxxxxxx>
> To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: lvs problem
> Date: 06 Oct 2003 13:17:14 +0900
>
> On Mon, Oct 06, 2003 at 11:39:24AM +0800, Oliver wrote:
> > My IPs:
> >
> > Here's my setup
> >
> > I have two lvs (lvs1 and 2) servers. I wish to allow users from both
> > outside and inside our network to use ftp service. Of course I have my
> > ftp realserver and a backup ftp server (serves as failover to my ftp
> > server).
> >
> > LVS external interface(eth0) = 176.18.24.2
> > External VIP for FTP and backup-ftp realservers = 176.18.24.1
> > LVS internal interface (eth1) = 10.0.0.2
> > internal VIP our realserver will use as gateway = 10.0.0.1
> > ip_of_ftp_server = 10.0.0.3
> > back_ftp = 10.0.0.4
> >
> > I've used keepalived + ipvsadm here: ipvsadm now says:
> >
> > Prot LocalAddress:Port Scheduler Flags
> > -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> > TCP VIP_of_FTP:ftp rr
> > -> IP_OF_FTP_SERVER:ftp Masq 1 0 0
> > -> IP_OF_BACKUP_SERVER:ftp Masq 1 0 1
> >
> > In my iptables rules I did:
> >
> > iptables -t nat -A PREROUTING -d 10.0.0.1 -p tcp --dport 21 -j DNAT --to-destination 10.0.0.4
> >
> > iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -j MASQUERADE
> >
> >
> > Now when I stop the ftp service on ftp_server, my internal/local users
> > can still access the ftp since keepalived is redirecting the packet into
> > backup_ftp server at port 21, but I can't understand why users from
> > outside our network cannot use ftp. What seems to be the problem on my
> > setup? Is there anything missing on my config?
>
> Have you inserted the ip_vs_ftp helper module into the kernel?
>
> --
> Horms
>
> ______________________________________________________________________
>
> From: Joseph Mack <mack.joseph@xxxxxxx>
> To: LinuxVirtualServer.org users mailing list.
> <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>, Horms <horms@xxxxxxxxxxxx>
> Subject: Re: LVS and REDIRECT and Policy Routing [Was: Re: LVS-DR and fwmarks question]
> Date: 06 Oct 2003 05:39:33 -0400
>
> Horms wrote:
> >
>
> > TPROXY looks like it would work because it is completely different
> > from REDIRECT and uses its own connection tracking.
>
> Can you explain some more? I don't know the difference.
>
> Thanks Joe
> --
> Joseph Mack PhD, High Performance Computing & Scientific Visualization
> SAIC, Supporting the EPA Research Triangle Park, NC 919-541-0007
> Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx
>
> ______________________________________________________________________
>
> From: Joseph Mack <mack.joseph@xxxxxxx>
> To: LinuxVirtualServer.org users mailing list.
> <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
> Subject: Re: lvs problem
> Date: 06 Oct 2003 05:42:31 -0400
>
> Horms wrote:
>
> > Have you inserted the ip_vs_ftp helper module into the kernel?
>
> I guess I've lost track of which modules get automatically loaded and
> which don't. What's involved in getting this automatically loaded?
>
> Joe