Hi Joe,
Actually, no, I'm not very glad my director, and now it seems my
realservers, can't connect to the outside world after running the setup
script. While I understand the need for security, I have the ability to
secure my machines without completely severing them from the internet.
I would suggest that this behavior at least be modifiable in the config.
In my case, I am trying to load balance two machines that are already up
and running under round robin DNS. After getting LVS up and running
correctly, I will need to change the DNS for their services to the new VIP
so the director can take over. I'd like them to keep responding as is
until the load balancing is up and running. I don't have the luxury of
setting LVS up in a clean test environment on unused servers, where
changes to the system have no effect on real services.
I have read the link you provided below and while it makes sense for a
setup where the director and realservers don't need to talk to the world,
my question now is: will adding the default gateway back to the director
and realservers actually *hurt* anything in the LVS setup? Given that I'm
using a two network setup, shouldn't LVS work correctly for the load
balanced services even if I'm providing other services (on a different IP
from the VIP/RIP) to the public on the director/realservers? Or am I
missing some arcane ARP/network config problem?
Thanks,
--jeff
> Joseph Mack PhD, High Performance Computing & Scientific Visualisation
> LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007 Federal
> Infrastructure Contact-Ravi Nair 919-541-5467 - nair.ravi@xxxxxxx,
> Federal Visualization Contact - Joe Retzer, Ph.D. 919-541-4190 -
> retzer.joseph@xxxxxxx
>
> lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx wrote on 04/13/2005 07:14:01
> PM:
>
>> Hi All,
>>
>> I'm attempting to setup LVS to load balance a couple of servers. I'm
>> following the steps in the mini-HOWTO and everything goes
>> well until I run the rc.lvs_dr script. After running this script on
> the
>> director, my ssh connection drops
>
> the script reconfigures all your IPs and routes. No connections
> are supposed to survive running the setup script.
>
>> and I can't connect to that machine from
>> the outside world.
>
> You should be very glad it doesn't. Read about securing your director.
>
> http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-DR.html#Pearthree
>
> Joe
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>
|