LVS-NAT with Windows 2003 as realserver

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: LVS-NAT with Windows 2003 as realserver
From: Ariyo Nugroho <ariyo132@xxxxxxxxx>
Date: Tue, 21 Oct 2003 01:20:13 -0700 (PDT)
Hi all!

I'm back! (with other silly questions...he he he)

My apologies, I've tried my best to not ask 'general
question' here. I've searched the HOWTO, mailing list
archive, and I found no clues. 

OK. I'll follow the standard procedure. 

I'm going to set up an LVS-NAT. Here's my (planned)
configuration:
- DIRECTOR 
       DIP : 192.168.10.53  
       VIP : 192.168.10.54
  RH9, kernel 2.4.21 patched with linux-2.4.21-ipvs-1.0.10.patch & hidden-2.4.20pre10-1.diff
  It's running ipvsadm v1.21 (compiled with popt and IPVS v1.0.10)
- RIP1 : 192.168.10.24
  Windows Server 2003, 
  running Telnet service
- CLIENT1 : 192.168.50.204

On DIRECTOR, I did these (just like in the
Mini-HOWTO):
- Turned on ip_forward:
  echo "1" > /proc/sys/net/ipv4/ip_forward
- Turned off ICMP redirects:
  echo "0" > /proc/sys/net/ipv4/conf/all/send_redirects
  echo "0" > /proc/sys/net/ipv4/conf/default/send_redirects
  echo "0" > /proc/sys/net/ipv4/conf/eth0/send_redirects
- Brought the VIP to interface eth0:0
  ifconfig eth0:0 192.168.10.54 broadcast 192.168.10.255 netmask 255.255.255.0
- Setup ipvsadm:
  ipvsadm -A -t VIP:telnet -s rr
  ipvsadm -a -t VIP:telnet -r RIP1:telnet -m -w 1

Then when I run ipvsadm, I got these:

  IP Virtual Server version 1.0.10 (size=65536)
  Prot LocalAddress:Port Scheduler Flags
    -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
  TCP  VIP:23 rr
    -> RIP1:23                      Masq    1      0          0

It seems fine, right?

On REALSERVER, I did these:
- Set the default gateway to the DIP (192.168.10.53)
- Deleted all other routes (except for local loopback
of course).

I think it's enough. Right? So, I'm ready for telnet.
But connection cannot be established.

From tcpdump, I got:
15:07:12.709141 CLIENT1.1205 > VIP.telnet: S 1429050803:1429050803(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
15:07:15.759828 CLIENT1.1205 > VIP.telnet: S 1429050803:1429050803(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
15:07:21.772709 CLIENT1.1205 > VIP.telnet: S 1429050803:1429050803(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)


I did some checks:
- Ping each other. The CLIENT can successfully ping
VIP, DIP, and also the REALSERVER1
- telnet directly from CLIENT1 to REALSERVER1
successfully (is it legal for LVS, BTW?), just to
check that the telnet service is up and running.

Maybe you would argue the problem is in Windows
Server 2003. I remember Malcolm Turnbull's posting
(2003-10-15). He said that he had LVS-NAT, LVS-DR, and
LVS-Tun work fine with Windows Server 2003.

I have a suspicion. My DIRECTOR is not the real
gateway for 192.168.10/24 network. There's another
one: 192.168.10.115, let's call it GTW. It is the GTW
that directly connects to 192.168.50/24 network (the
CLIENT1's network). So, packets from RIP1 must go
through DIRECTOR first, then GTW in order to reach
CLIENT1's network. Can this be a problem? 

IMHO, there's only one requirement for realservers to
work in LVS-NAT: the realservers must know no other
route to go outside, except through the director. So,
it would not be a problem if the DIRECTOR is not directly
connected to outside network. Am I right? 

I've made sure about this. I've deleted all other
routes from RIP1's routing table. And when I run
traceroute in the RIP1, it's just like what I
expected: the packets always go through DIRECTOR. The
RIP1 never bypasses DIRECTOR.

That's all. Let me know your opinion about this.




Ariyo
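
A reading of the capture quoted in the message, as an added example that is not part of the original post: it groups old-style tcpdump TCP lines by connection and initial sequence number and reports SYNs that never receive a SYN/ACK within the capture. The function names are hypothetical; the capture lines are the three from the message with the mail line wrapping undone.

```python
import re
from collections import defaultdict

# The three capture lines from the message, with the mail line wrapping undone.
CAPTURE = """\
15:07:12.709141 CLIENT1.1205 > VIP.telnet: S 1429050803:1429050803(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
15:07:15.759828 CLIENT1.1205 > VIP.telnet: S 1429050803:1429050803(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
15:07:21.772709 CLIENT1.1205 > VIP.telnet: S 1429050803:1429050803(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
"""

# Old-style tcpdump TCP line: time, "src > dst:", flags, seq:seq(len), optional "ack N".
LINE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) (\S+) > (\S+): (\S+) (\d+):\d+\(\d+\)(?: ack (\d+))?")

def parse(text):
    """Yield one dict per TCP line that carries a sequence range."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        h, mi, s, src, dst, flags, seq, ack = m.groups()
        yield {"t": int(h) * 3600 + int(mi) * 60 + float(s), "src": src,
               "dst": dst, "flags": flags, "seq": int(seq),
               "ack": int(ack) if ack else None}

def unanswered_syns(text):
    """Map (src, dst, ISN) -> timestamps for SYNs with no SYN/ACK in the capture."""
    syns, answered = defaultdict(list), set()
    for p in parse(text):
        if "S" not in p["flags"]:
            continue
        if p["ack"] is None:            # client SYN (possibly a retransmission)
            syns[(p["src"], p["dst"], p["seq"])].append(p["t"])
        else:                           # SYN/ACK: reverse direction, acks ISN + 1
            answered.add((p["dst"], p["src"], p["ack"] - 1))
    return {k: v for k, v in syns.items() if k not in answered}

def retransmit_gaps(times):
    """Seconds between successive copies of the same SYN."""
    return [round(b - a, 2) for a, b in zip(times, times[1:])]

if __name__ == "__main__":
    for (src, dst, isn), times in unanswered_syns(CAPTURE).items():
        print(f"{src} -> {dst} ISN {isn}: {len(times)} SYNs, gaps {retransmit_gaps(times)}")
```

For the quoted capture this reports a single connection whose SYN is sent three times with the same sequence number and growing gaps, with no reply visible at the point where the capture was taken.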
