Re: Connecting to services not hosted locally.

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Connecting to services not hosted locally.
From: "Dan" <kasper37@xxxxxxxxxxxxx>
Date: Sat, 1 Oct 2005 23:11:19 -0700
> (and Joe rewrote)
>
> > Is there a way to connect from one of the real servers
> > hosting web to the VIP:smtp service?  The problem is that
> > telnet to VIP:smtp from one of the web real servers is
> > going to try to connect to smtp locally,
>
> I think you want to have an LVS'ed webserver and you want
> the webservers then to send mail, via an LVS'ed set of smtp
> servers also operating on the same IP (the VIP) on the same
> realservers.

The way I described it, it would seem so, but I was actually talking about any
virtual service in general.  I believe I'm very close to a solution though.
Here's what we've got so far (brace yourself):

# ip route add x.x.x.70 dev eth1 table local tos 4 scope link src y.y.y.16
# iptables -A PREROUTING -t mangle -p tcp --dport 25 -j TOS --set-tos 4
# ip route ls table all| grep x.x.x.70
x.x.x.70 tos reliability via y.y.y.16 dev eth1  table local  scope link  src y.y.y.16
local x.x.x.70 dev lo  table local  proto kernel  scope host  src y.y.y.70

These commands are run on the real server (for the sake of brevity I only
included the commands for one real server, but imagine these being run on all
real servers with the correct RIPs substituted for y.y.y.16).  With these rules,
packets are being output to the network as hoped, but the problem is that the
/source/ address is x.x.x.70 instead of the real server's RIP.  If there was a
way to force the kernel to send the request from the real server's RIP, this may
actually work.  Any ideas?

Dan

