>Hi Kim,
>
>I am ready to help you as I am also an idiot. So, that guide will help me
>too :)
>
>Regards.
>
>Faruk
Hi Faruk : )
Yes, we can help each other *s*
I would like to make an Idiot's Guide that is totally stupid-secure, so even my
mother could install it : )
Kim
----------------------------------------------
Hi all newbies
Sorry for my English; please write if you don't understand.
I found a nice document on http://mail1.cula.net/cluster/ (LVS/Tunnel
Cluster)
Here is what I did to get it working on a test basis.
Please note that my setup is not totally correct (?), but my first goal was
to get some sort of connection and then learn to do it the right way.
My first setup is not yet correct: if I shut down realserver1, the connection
to realserver2 is very slow (but it works...)
To the hardcore LVS guys: please tell me if my LVS setup is crazy.
So my first step is to get it working, and the second is to get it controlled
the way I want.
FIRST STEP:
(later I will write down everything I did, so other newbies can get it
working too (?))
A:
1. I plan to make a test setup, just to get it running first.
2. I plan to make an lvs_nat setup.
3. One computer is the director.
4. Two computers are the realservers.
5. One computer is the client that connects to the director to test.
6. I have a firewall (shorewall running on Red Hat 9.0 (kernel 2.4.20-8)).
7. My firewall has 3 network cards: net (to the ISP), loc (to my private
computers), DMZ (to my servers).
8. My director has 2 network cards (one to the DMZ zone, one to the realserver
zone).
9. I test first with http.
10. Realserver one is running an http server with one homepage (called
10.0.0.2 on the page).
11. Realserver two is running an http server with one homepage (called
10.0.0.3 on the page).
----------------------------------
B: things I did first
1. Installed RH on the director and the realservers.
2. Running an http server on the two realservers.
3. Got my network working.
4. I can ping director<==>realserver(s) and realserver1<==>realserver2.
5. Set up the http server on realserver1 and realserver2 with a test homepage.
6. The two homepages are different, so it is possible to see which server
answered.
7. I can browse the two homepages from the director and from
realserver1<==>realserver2.
8. I have DNAT rules in the firewall (DNAT http to the director (192.168.1.5)).
----------------------------------
C:
My network

                    ISP
                     |
                    net
                     |
    -----------------------------------
    | FIREWALL                        |
    | 194.192.xx.xx (net - public ip) |
    | 192.168.2.1 (loc)               |--- loc ---
    | 192.168.1.1 (dmz)               |
    -----------------------------------
                     |
                     |
                    DMZ
                     |
                     | (Switch)
    ------------------------------------------------------
    |                    |                    |
    |                    |                    |
------------------  -----------------  ------------------
| Director       |  | other server  |  |other server -n |
|VIP: 192.168.1.5|  |ip: 192.168.1.5|  | ip: 192.168.1.x|
|GW: 192.168.1.1 |  |GW: 192.168.1.1|  | GW: 192.168.1.x|
|DIP: 10.0.0.1   |  |               |  |                |
|DGW: 192.168.1.5|  |               |  |                |
------------------  -----------------  ------------------
        |
        | (Switch)
    -----------------------------
    |                           |
    |                           |
----------------          ----------------
| Realserver1  |          | Realserver2  |
|RIP: 10.0.0.2 |          |RIP: 10.0.0.3 |
|RGW: 10.0.0.1 |          |RGW: 10.0.0.1 |
----------------          ----------------
----------------------------------
D: Install LVS on the director
1. Download the files:
a: new kernel from www.kernel.org (linux-2.4.21.tar.gz)
b: hidden patch from http://www.ssi.bg/~ja/#hidden
(hidden-2.4.20pre10-1.diff)
c: ipvs from http://www.linuxvirtualserver.org/software/ipvs.html#kernel-2.4
(linux-2.4.21-ipvs-1.0.10.patch.gz)
d: ipvsadm from
http://www.linuxvirtualserver.org/software/ipvs.html#kernel-2.4 (Version
1.0.10) - the ipvsadm source is in: ipvs-1.0.10/ipvs/ipvsadm
2. Compiled a new kernel on the director with the ipvs and hidden patches
(some said the hidden patch should not be on the director, but I did it).
(more later on how I compiled the new kernel)
3. The new kernel boots fine.
4. It is still possible to ping and browse director<==>realservers = the
network is still working.
5. Installed ipvsadm.
In a console, in the directory where the ipvsadm source is:
# make
# make install
To test if ipvsadm is installed: # ipvsadm
To learn more about ipvsadm: # man ipvsadm
6. My test-setup rules in ipvsadm are:
# ipvsadm -A -t 192.168.1.5:80 -s rr
# ipvsadm -a -t 192.168.1.5:80 -r 10.0.0.2:80 -m
# ipvsadm -a -t 192.168.1.5:80 -r 10.0.0.3:80 -m
# ipvsadm (to see the new rules)
7. Finally I did: # echo "1" > /proc/sys/net/ipv4/ip_forward (don't know
why or what it does, but a document said so and I tried it..)
E:
TEST LVS
Browse from the client (a computer on my loc network):
1. browse www.myname.dk - I get the homepage on realserver 10.0.0.2
2. browse www.myname.dk - I get the homepage on realserver 10.0.0.3
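A small check to go with step D above, added here as an example; it is not code from Kim's post or from the LVS project. It parses the text that `ipvsadm -L -n` prints on the director and compares it with the LVS-NAT plan in the post (VIP 192.168.1.5:80, realservers 10.0.0.2 and 10.0.0.3, each added with -m so the forwarding method shows as "Masq"). Two points a newbie running this setup should know: LVS-NAT works by rewriting the destination of each packet to the RIP and letting the kernel route it, so ip_forward=1 on the director (step 7) is required and not optional, and the realservers' default gateway has to be the DIP (10.0.0.1 here) so the replies come back through the director. Also, the ipvsadm table says nothing about whether a realserver is actually up: with plain ipvsadm a server that has been shut down stays in the table with its weight and keeps getting its share of new connections, which is one reason the service feels slow when realserver1 is down. Both sample outputs below are constructed for the example, not captured from anyone's director.

```python
"""Check an LVS-NAT director's ipvsadm table against the intended layout.

Example code (not from the mailing-list post): parses `ipvsadm -L -n`
output and reports realservers that are missing, not masqueraded (no -m),
or at weight 0. The sample outputs are constructed, not captured.
"""
import re

# Constructed sample: what `ipvsadm -L -n` shows after the post's three rules
# (-A -t 192.168.1.5:80 -s rr, then two -a ... -m realservers).
SAMPLE_GOOD_OUTPUT = """\
IP Virtual Server version 1.0.10 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.5:80 rr
  -> 10.0.0.2:80                  Masq    1      0          0
  -> 10.0.0.3:80                  Masq    1      0          0
"""

# Constructed sample of a broken table: 10.0.0.2 was added without -m (the
# default is direct routing, shown as "Route") and 10.0.0.3 has weight 0.
SAMPLE_BROKEN_OUTPUT = """\
IP Virtual Server version 1.0.10 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.5:80 rr
  -> 10.0.0.2:80                  Route   1      0          0
  -> 10.0.0.3:80                  Masq    0      0          0
"""

# Virtual service line: "TCP  192.168.1.5:80 rr [flags]"
SERVICE_RE = re.compile(r"^(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(.*)$")
# Realserver line: "  -> 10.0.0.2:80  Masq  1  0  0"
REAL_RE = re.compile(r"^\s*->\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")


def parse_ipvsadm(text):
    """Return {(proto, vip, port): {"scheduler": ..., "flags": ..., "reals": [...]}}."""
    services = {}
    current = None
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            proto, vip, port, sched, flags = m.groups()
            current = (proto, vip, int(port))
            services[current] = {"scheduler": sched, "flags": flags.strip(), "reals": []}
            continue
        m = REAL_RE.match(line)
        if m and current is not None:
            rip, rport, fwd, weight, active, inact = m.groups()
            services[current]["reals"].append({
                "rip": rip, "port": int(rport), "forward": fwd,
                "weight": int(weight), "active": int(active), "inactive": int(inact),
            })
    return services


def check_nat_service(services, vip, port, expected_rips, proto="TCP"):
    """Return a list of problems; an empty list means the table matches the NAT plan."""
    problems = []
    svc = services.get((proto, vip, port))
    if svc is None:
        return ["no %s service for %s:%d (did the -A rule run on the director?)" % (proto, vip, port)]
    seen = {r["rip"] for r in svc["reals"]}
    for rip in expected_rips:
        if rip not in seen:
            problems.append("realserver %s is missing from %s:%d" % (rip, vip, port))
    for r in svc["reals"]:
        if r["forward"] != "Masq":
            problems.append("%s uses %s, not Masq: the -a rule needs -m for LVS-NAT" % (r["rip"], r["forward"]))
        if r["weight"] == 0:
            problems.append("%s has weight 0 and will get no new connections" % r["rip"])
    return problems


if __name__ == "__main__":
    plan = ("192.168.1.5", 80, ["10.0.0.2", "10.0.0.3"])
    for name, text in (("good", SAMPLE_GOOD_OUTPUT), ("broken", SAMPLE_BROKEN_OUTPUT)):
        print(name, check_nat_service(parse_ipvsadm(text), *plan) or "OK")
```

On a real director you would feed it the live table, e.g. `check_nat_service(parse_ipvsadm(subprocess.check_output(["ipvsadm", "-L", "-n"], text=True)), "192.168.1.5", 80, ["10.0.0.2", "10.0.0.3"])`, and run it after every ipvsadm change.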