On Thu, 25 May 2006, John Oliver wrote:
> I have two addresses because, as I understand it, LVS-NAT *must* be
> NATed, but I do not want to NAT everything... just the web server.

The only IP:ports NAT'ed are the ones controlled by
ipvsadm. The rest are untouched.

> What do you mean by "You could have the service listen to 0.0.0.0 and in
> your ipvsadm rules send to the IP on eth0:x"?

your ipvsadm rules on the director...
I didn't know which IP was the one receiving the ip_vs
controlled packets

> With things configured as above, a connection from the client to the VIP
> just times out after 15 seconds or so. On the director, I can connect
> to port 80 of the RIPs. But, the realservers have a default gateway
> that's the same as the director... I have a feeling that responses to

should be .. the realservers have a default gw. that is the
director, not the same d.g. as the directory

> requests made through the director are getting sent to the default
> gateway and not the DIP.

feelings don't count. ask the computer what its d.g. is.

> Do I need to do something to force traffic
> leaving the director to appear to be from the DIP?

no

> FWIW, on the director, I can see InActConn incrementing as I try again
> and again. But I never see any connection in netstat on the realserver.

usual explanation is that the packets aren't going through
the DIP.

> I've looked at iproute2, but it isn't immediately intuitive.

it's a nightmare.

Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
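
The check suggested in the reply above ("ask the computer what its d.g. is"), as an added example that is not part of the original message: it picks out LVS-NAT (Masq) realservers whose InActConn is climbing while ActiveConn stays at zero, then compares a realserver's default gateway with the DIP. All addresses and command output are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. All addresses and command output below are constructed.
DIP=10.1.1.1    # assumed director inside address (DIP)

# Constructed `ipvsadm -L -n` output as seen on the director.
ipvsadm_sample() { cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.110:80 rr
  -> 10.1.1.2:80                  Masq    1      0          7
  -> 10.1.1.3:80                  Masq    1      3          1
EOF
}

# Constructed `ip route show` output from two realservers.
rs_routes_bad() { cat <<'EOF'
10.1.1.0/24 dev eth0 proto kernel scope link src 10.1.1.2
default via 10.1.1.254 dev eth0
EOF
}
rs_routes_good() { cat <<'EOF'
10.1.1.0/24 dev eth0 proto kernel scope link src 10.1.1.3
default via 10.1.1.1 dev eth0
EOF
}

# stdin: ipvsadm -L -n output. Prints RIP:port of each LVS-NAT (Masq)
# realserver that has InActConn > 0 but no ActiveConn.
stalled_realservers() {
    awk '$1 == "->" && $3 == "Masq" && $5 == 0 && $6 > 0 { print $2 }'
}

# stdin: ip route show output. Prints the default gateway, if any.
default_gw() {
    awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# stdin: ip route show output; $1: DIP. Returns 0 only if replies leave via DIP.
check_gw() {
    gw=$(default_gw)
    if [ "$gw" = "$1" ]; then echo "ok: default gw is the DIP ($1)"; return 0; fi
    echo "BAD: default gw is ${gw:-unset}, expected DIP $1; replies bypass the director"
    return 1
}

ipvsadm_sample | stalled_realservers
rs_routes_bad  | check_gw "$DIP" || true
rs_routes_good | check_gw "$DIP"
```

On live systems the same functions take `ipvsadm -L -n` (run on the director) and `ip route show` (run on each realserver) on stdin in place of the sample functions.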