LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: Problem with fallback 127.0.0.1:80

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Problem with fallback 127.0.0.1:80
From: Arnd <m_list@xxxxxxxxx>
Date: Thu, 11 May 2006 14:08:46 +0200
Hi,

Dominik Klein schrieb:
'ipvsadm -L -n' shows the following enrty:

TCP  <public_ip>:80 wlc
-> 127.0.0.1:80 Local 1 0 0 Doesn't this entry must show "masq" on the line with "127.0.0.1" instead of "Local"?

No. Local is fine.

If the servers are up they are in the list with "-> 192.168.1.151 masq 100 0 0". Do I need to set any iptable-rules (masquerading) for beeing able to connect to the fallback-server from the internet?

Normally not. Do you have any other iptables rules on your director that may be blocking this?

The iptables rules allow access to any internal server, port 80 and 443.

Rules for the lo-device are all open:

$IPT -t filter -A INPUT -p all -i lo -j ACCEPT
$IPT -t filter -A OUTPUT -p all -o lo -j ACCEPT

$IPT -t nat -A POSTROUTING -o $WAN_IFACE -j MASQUERADE

I was not setting up the firewall rules so maybe I overlooked one rule. But a dropping firewal should throw away any syn-packets (drop) and while I'm receiving an "reset" it must be anything else.

The tcp-packet arrives on the external interface but it is not redirected to the lo-interface. Is this not a director task?

Arnd

<Prev in Thread] Current Thread [Next in Thread>