|
On Tue, 2003-10-07 at 18:00, lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
wrote:
> Send lvs-users mailing list submissions to
> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://www.in-addr.de/mailman/listinfo/lvs-users
> or, via email, send a message with subject or body 'help' to
> lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>
> You can reach the person managing the list at
> lvs-users-owner@xxxxxxxxxxxxxxxxxxxxxx
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of lvs-users digest..."
>
> ______________________________________________________________________
>
> Today's Topics:
>
> 1. Re: lvs-users Digest, Vol 9, Issue 8 (Oliver)
> 2. Re: lvs problem (Horms)
> 3. Re: Maxium number of VIP's per physical interface. (Horms)
> 4. Re: lvs-users Digest, Vol 9, Issue 8 (Horms)
>
> ______________________________________________________________________
>
> From: Oliver <oliver.rojo@xxxxxxxxxxx>
> To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
> Subject: Re: lvs-users Digest, Vol 9, Issue 8
> Date: 07 Oct 2003 09:15:17 +0800
>
> yes...
>
> On Mon, 2003-10-06 at 18:00, lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> wrote:
> > Send lvs-users mailing list submissions to
> > lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> > http://www.in-addr.de/mailman/listinfo/lvs-users
> > or, via email, send a message with subject or body 'help' to
> > lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> >
> > You can reach the person managing the list at
> > lvs-users-owner@xxxxxxxxxxxxxxxxxxxxxx
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of lvs-users digest..."
> >
> > ______________________________________________________________________
> >
> > Today's Topics:
> >
> > 1. lvs problem (Oliver)
> > 2. Re: lvs problem (Horms)
> > 3. Re: LVS and REDIRECT and Policy Routing [Was: Re: LVS-DR
> > andfwmarksquestion] (Joseph Mack)
> > 4. Re: lvs problem (Joseph Mack)
> >
> > ______________________________________________________________________
> >
> > From: Oliver <oliver.rojo@xxxxxxxxxxx>
> > To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > Subject: lvs problem
> > Date: 06 Oct 2003 11:39:24 +0800
> >
> > My IPs:
> >
> > Here's my setup
> >
> > I have two lvs (lvs1 and 2) servers. I wish to allow users from both
> > outside and inside our network to use ftp service. Of course I have my
> > ftp realserver and a backup ftp server (serves as failover to my ftp
> > server).
> >
> > LVS external interface(eth0) = 176.18.24.2
> > External VIP for FTP and backup-ftp realservers = 176.18.24.1
> > LVS internal interface (eth1) = 10.0.0.2
> > internal VIP our realserver will use as gateway = 10.0.0.1
> > ip_of_ftp_server = 10.0.0.3
> > back_ftp = 10.0.0.4
> >
> > I've used keepalived + ipvsadm here: ipvsadm now says:
> >
> > Prot LocalAddress:Port Scheduler Flags
> > -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> > TCP VIP_of_FTP:ftp rr
> > -> IP_OF_FTP_SERVER:ftp Masq 1 0 0
> > -> IP_OF_BACKUP_SERVER:ftp Masq 1 0 1
> >
> > on my iptable rule i did:
> >
> > iptables -t nat -A PREROUTING -d 10.0.0.1 -p tcp --dport 21 -j DNAT
> > --to-destination 10.0.0.4
> >
> > iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -j MASQUERADE
> >
> >
> > Now when i stop the ftp service on ftp_server, my internal/local users
> > can still access the ftp since keepalived is redirecting the packet into
> > backup_ftp server at port 21 but i can't understand if why users from
> > outside our network cannot use ftp. What seems to be the problem on my
> > setup? Is there anything missing on my config?
> >
> >
> > Please advise... thanks
> >
> >
> >
> >
> >
> >
> >
> >
> > ______________________________________________________________________
> >
> > From: Horms <horms@xxxxxxxxxxxx>
> > To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > Subject: Re: lvs problem
> > Date: 06 Oct 2003 13:17:14 +0900
> >
> > On Mon, Oct 06, 2003 at 11:39:24AM +0800, Oliver wrote:
> > > My IPs:
> > >
> > > Here's my setup
> > >
> > > I have two lvs (lvs1 and 2) servers. I wish to allow users from both
> > > outside and inside our network to use ftp service. Of course I have my
> > > ftp realserver and a backup ftp server (serves as failover to my ftp
> > > server).
> > >
> > > LVS external interface(eth0) = 176.18.24.2
> > > External VIP for FTP and backup-ftp realservers = 176.18.24.1
> > > LVS internal interface (eth1) = 10.0.0.2
> > > internal VIP our realserver will use as gateway = 10.0.0.1
> > > ip_of_ftp_server = 10.0.0.3
> > > back_ftp = 10.0.0.4
> > >
> > > I've used keepalived + ipvsadm here: ipvsadm now says:
> > >
> > > Prot LocalAddress:Port Scheduler Flags
> > > -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> > > TCP VIP_of_FTP:ftp rr
> > > -> IP_OF_FTP_SERVER:ftp Masq 1 0 0
> > > -> IP_OF_BACKUP_SERVER:ftp Masq 1 0 1
> > >
> > > on my iptable rule i did:
> > >
> > > iptables -t nat -A PREROUTING -d 10.0.0.1 -p tcp --dport 21 -j DNAT
> > > --to-destination 10.0.0.4
> > >
> > > iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -j MASQUERADE
> > >
> > >
> > > Now when i stop the ftp service on ftp_server, my internal/local users
> > > can still access the ftp since keepalived is redirecting the packet into
> > > backup_ftp server at port 21 but i can't understand if why users from
> > > outside our network cannot use ftp. What seems to be the problem on my
> > > setup? Is there anything missing on my config?
> >
> > Have you inserted the ip_vs_ftp helper module into the kernel?
> >
> > --
> > Horms
ow... sorry about that... i mean yes... i've already inserted my
ip_vs_ftp module into my kernel. Is there something lacking into my
iptable rules or into my keepalived as you look into my ipvsadm?
> >
> > ______________________________________________________________________
> >
> > From: Joseph Mack <mack.joseph@xxxxxxx>
> > To: LinuxVirtualServer.org users mailing list.
> > <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>, Horms <horms@xxxxxxxxxxxx>
> > Subject: Re: LVS and REDIRECT and Policy Routing [Was: Re: LVS-DR
> > andfwmarksquestion]
> > Date: 06 Oct 2003 05:39:33 -0400
> >
> > Horms wrote:
> > >
> >
> > > TPROXY looks like it would work because it is completely different
> > > from REDIRECT and uses its own connection tracking.
> >
> > can you explain some more? I don't know the difference
> >
> > Thanks JOe
> > --
> > Joseph Mack PhD, High Performance Computing & Scientific Visualization
> > SAIC, Supporting the EPA Research Triangle Park, NC 919-541-0007
> > Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx
> >
> > ______________________________________________________________________
> >
> > From: Joseph Mack <mack.joseph@xxxxxxx>
> > To: LinuxVirtualServer.org users mailing list.
> > <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
> > Subject: Re: lvs problem
> > Date: 06 Oct 2003 05:42:31 -0400
> >
> > Horms wrote:
> >
> > > Have you inserted the ip_vs_ftp helper module into the kernel?
> >
> > I guess I've lost track of which modules get automatically loaded and
> > which don't. What's involved in getting this automatically loaded?
> >
> > Joe
>
>
> ______________________________________________________________________
>
> From: Horms <horms@xxxxxxxxxxxx>
> To: LinuxVirtualServer.org users mailing list.
> <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
> Subject: Re: lvs problem
> Date: 07 Oct 2003 10:13:09 +0900
>
> On Mon, Oct 06, 2003 at 07:13:40AM -0400, Joseph Mack wrote:
> > Horms wrote:
> >
> > > We could make it be loaded it a real service for port 23 is configured.
> > > I'm not that enthusiasic about this as it is an ugly hack.
> > > But it might save people a lot of hassle.
> >
> > we're loading the ip_vs module automatically. Is this any different?
> > (I don't know, just asking).
>
> Yes, though not much :)
>
> --
> Horms
>
> ______________________________________________________________________
>
> From: Horms <horms@xxxxxxxxxxxx>
> To: LinuxVirtualServer.org users mailing list.
> <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
> Subject: Re: Maxium number of VIP's per physical interface.
> Date: 07 Oct 2003 10:16:19 +0900
>
> On Mon, Oct 06, 2003 at 07:39:29AM -0400, Radomski, Mike wrote:
> > Hi all,
> > Is there any maximum number of VIP's per physical interface? I added 4
> > VIP's and everything was ok. When I added one more, to make the total 5, I
> > ran into problems. The 5th interface did not show up as say eth0:4. When I
> > shutdown heartbeat, it then showed up as eth0:1? I had to manually remove
> > it. When I go back down to 4 VIP's everything is stable. I have been
> > running on 4 VIP's for about 2 years w/o incidence.
> >
> > I would like to preface this by saying my configuration is old. 2.4.18
> > kernel, heartbeat-0.4.9-1.um.1 and heartbeat-ldirectord-0.4.9-1.um.1.
> >
> > Thanks for any help in advance. If any one can confirm upgrading will give
> > me more VIP's it would be appreciated.
>
> There may be a limit but it is much higher than 4. That is a pretty
> old version of heartbeat, I don't recall all the changes that
> have been made but the IPAddr management script has been
> updated several time. Try 1.0.4 which is the latest (and greatest)
> stable release.
>
> It can be found at http://www.ultramonkey.org/download/heartbeat/
> (the linux-ha.org web site is still wating for an update).
>
> --
> Horms
>
> ______________________________________________________________________
>
> From: Horms <horms@xxxxxxxxxxxx>
> To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: lvs-users Digest, Vol 9, Issue 8
> Date: 07 Oct 2003 10:42:39 +0900
>
> On Tue, Oct 07, 2003 at 09:15:17AM +0800, Oliver wrote:
> > yes...
>
> Please prune emails and answer underneath whatever
> it is you are replying to.
|
