Hi,

I have two LVS-NAT directors (RedHat AS 3.0 w/kernel-smp-2.4.21-15.0.2.EL
kernel) in a failover configuration. There are a variety of real servers
behind these directors.

The problem that occurs is that the static NAT explained below ceases to
work after a few hours. It seems the only way to restore proper operation
is to reboot the director.

One of these real servers is a mail server. When the mail server initiates
an outgoing connection, it needs to use the VIP assigned to it rather than
the IP of the director that NAT on the director defaults to. The RIP of the
mail server is 172.28.1.25 and the VIP is 66.165.220.47 for outgoing
connections and inbound ssh and another VIP is 66.165.220.14 for smtp. The
66.165.220.14 is directed to another real server for pop3 and imap access.

In order to accomplish the static NAT of 172.28.1.25 to 66.165.220.47 I
added the following iptables rule on the directors:

    iptables -v -t nat -I POSTROUTING -s 172.28.1.25 \
        -j SNAT --to-source 66.165.220.47

The /etc/sysconfig/ha/lvs.cf file has the following entries regarding the
services of the mail server:

    virtual mailsmtp.knet.ca_ssh {
        active = 1
        address = 66.165.220.47 eth0:7
        vip_nmask = 255.255.255.192
        port = 22
        use_regex = 0
        load_monitor = none
        scheduler = wlc
        protocol = tcp
        timeout = 6
        reentry = 15
        quiesce_server = 0
        server mailsmtp1.knet.ca {
            address = 172.28.1.25
            active = 1
            weight = 1
        }
    }
    virtual mail.knet.ca_smtp {
        active = 1
        address = 66.165.220.14 eth0:8
        vip_nmask = 255.255.255.192
        port = 25
        use_regex = 0
        load_monitor = none
        scheduler = wlc
        protocol = tcp
        timeout = 90
        reentry = 120
        quiesce_server = 0
        server mailsmtp1.knet.ca {
            address = 172.28.1.25
            active = 1
            weight = 1
        }
    }

Thanks,
Adi