Ok, giving it another try.
This time I am not using UML. I am trying to use 3 machines on the 192.168.10.x
network.
Director's Real IP (DIP): 192.168.10.100
Client IP (CIP): 192.168.10.44
Real Server IP (RIP): 192.168.10.15
Virtual IP (VIP): 192.168.10.111
Default Gateway : 192.168.10.1
Things I'm doing from start to finish:
On Director:
----------------------------------------------------------------------------------------
Has 2 nics eth0 (10.1.1.1) and eth1 (192.168.10.100)
1) ifconfig eth1:0 192.168.10.111 netmask 255.255.255.255 broadcast 192.168.10.111 up
2) ipvsadm -A -t 192.168.10.111:ssh -s wlc -p
3) ipvsadm -a -t 192.168.10.111:ssh -r 192.168.10.15:ssh -i -w 3
routing table:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
224.0.0.0       0.0.0.0         240.0.0.0       U     0      0        0 eth0
0.0.0.0         192.168.10.1    0.0.0.0         UG    0      0        0 eth1
On Realserver:
----------------------------------------------------------------------------------------
I installed the noarp module on my realserver because a) didn't want to
recompile whole kernel for hidden patch, and b) arp_announce/arp_ignore just
doesn't seem to work right.
Has 1 nic eth0(192.168.10.15)
So to set up my realserver I do this:
1) modprobe noarp
2) noarpctl add 192.168.10.111 192.168.10.15
3) ifconfig tunl0 0 up
4) ifconfig tunl0 192.168.10.111 netmask 255.255.255.255 broadcast 192.168.10.111 up
5) ip_forward = 1
6) tunl0/rp_filter = 0
routing table:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         192.168.10.1    0.0.0.0         UG    0      0        0 eth0
The director and real server are now set up.
On Client:
----------------------------------------------------------------------------------------
From my client, I attempt "ssh 192.168.10.111", which immediately tells me
"No route to host". My ethereal output tells me:
1) My Director receives a SYN packet from the client, nothing else.
2) My Real Server receives a SYN packet from VIP (the director I'm assuming)
3) Real server says: "Destination unreachable (host administratively prohibited)" after getting SYN
4) My Client just says "Destination unreachable (host administratively prohibited)", but it says that the source is the VIP and the destination is the CIP. That doesn't sound right...
Also, from my director, if I try the command "ping -I VIP RIP", it works fine
so long as the VIP (tunl0) is not set up on the real server. Is this the
correct behavior?
So to reiterate, I have 3 machines inside of the same network. 1 client, 1
director, 1 realserver.
I'm using the above setup. Still not working. I know my routing is goofed up
somehow. Just have no idea how. What am I doing wrong?
Lost and confused,
-R.D.
--- Joseph Mack <mack.joseph@xxxxxxx> wrote:
> redirecting decoy wrote:
>
> >
> > I never see any packets coming from my real server's ip.
>
> you shouldn't. They should be coming from the VIP on the realserver.
> On the realserver, do you have the demon listening on the VIP (if you
> don't you'll get "connection refused", not the symptoms you're getting)
>
> > They all come from
> > source address = VIP. I never see any SYNACK, or ACK, always just SYN.
>
> sounds like routing
>
> Joe
>
> --
> Joseph Mack PhD, High Performance Computing & Scientific Visualization
> LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007
> Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>
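An added example, not part of the original message or the quoted reply: an ICMP "destination unreachable" carries the IP header and first 8 payload bytes of the packet that triggered it, so decoding it in a capture shows which flow was refused and which address reported it. The addresses are the CIP and VIP from the message; the client source port 40000 and the sample packet are constructed.

```python
import socket
import struct

# ICMP type 3 (destination unreachable) codes, per RFC 792 and RFC 1812
CODES = {1: "host unreachable", 3: "port unreachable",
         10: "host administratively prohibited",
         13: "communication administratively prohibited"}

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header for the constructed sample (checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(buf):
    """Return (src, dst, protocol, payload) of an IPv4 packet."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("bad IPv4 header length")
    return (socket.inet_ntoa(buf[12:16]), socket.inet_ntoa(buf[16:20]),
            buf[9], buf[ihl:])

def explain_unreachable(packet):
    """Decode an ICMP destination-unreachable and the TCP flow it quotes."""
    reporter, notified, proto, icmp = parse_ipv4(packet)
    if proto != 1 or len(icmp) < 8 or icmp[0] != 3:
        raise ValueError("not an ICMP destination unreachable")
    # After the 8-byte ICMP header comes the offending packet's IP header
    # plus at least the first 8 bytes of its payload (the TCP ports here).
    o_src, o_dst, o_proto, l4 = parse_ipv4(icmp[8:])
    if o_proto != 6 or len(l4) < 4:
        raise ValueError("quoted packet is not TCP")
    sport, dport = struct.unpack("!HH", l4[:4])
    return {"reporter": reporter, "notified": notified,
            "reason": CODES.get(icmp[1], "code %d" % icmp[1]),
            "rejected_flow": "%s:%d -> %s:%d" % (o_src, sport, o_dst, dport)}

def sample_packet():
    """Constructed sample: CIP/VIP from the message, source port made up."""
    cip, vip = "192.168.10.44", "192.168.10.111"
    quoted = ipv4_header(cip, vip, 6, 20) + struct.pack("!HHI", 40000, 22, 0)
    icmp = struct.pack("!BBHI", 3, 10, 0, 0) + quoted
    return ipv4_header(vip, cip, 1, len(icmp)) + icmp

if __name__ == "__main__":
    print(explain_unreachable(sample_packet()))
```

ICMP errors are sent to the source address of the quoted packet, so the "notified" address is always the original sender of the refused flow.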