Hi all
Another problem if I may, relating to LVS-NAT (Single network)
OS is Fedora core 5 - kernel 2.6.15-1.2054_FC5 Ipvsadm version: 1.2.1
Network looks like the following (I am testing with one real server at the
moment)
[CIP]192.168.0.100 --> [eth0:1 VIP]192.168.0.2 (Director)[eth0 DIP]192.168.0.1 --> [eth0 RIP]192.168.0.21
I have set things up in the following way (all machines are located on the
same switch at the moment)
Director:
1 NIC
Eth0 192.168.0.1
Eth0:1 192.168.0.2
Change net.ipv4.ip_forward = 1 in etc/sysctl.conf
Run: service iptables start
Run: iptables -Z
Run: iptables -F
Run: ipvsadm -A -t 192.168.0.2:80 -s wlc
Run: ipvsadm -a -t 192.168.0.2:80 -r 192.168.0.21:80 -m
Run: echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
Run: echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
Run: echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
Real server:
1 NIC
Eth0 192.168.0.21
Run: route del -net 192.168.0.0 netmask 255.255.255.0 dev eth0
Behaviour:
When I attempt to retrieve a web page from the virtual IP, everything works
fine, however as mentioned in the how-to
(http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html#one_network)
I should be able to connect directly to the services on the real
servers that are not being balanced by LVS, this is the problem! Once I have
removed that 192.168.0.0 route, I cannot connect directly to the real
servers for ssh / sftp etc. In this example I am attempting to connect from
[CIP]192.168.0.100 to [RIP]192.168.0.21 with ssh.
Tcpdump on [RIP]192.168.0.21 using: tcpdump host 192.168.0.21 shows nothing
as I attempt to ssh in.
Should I be modifying the routing table to allow a 192.168.0.x client to
connect directly to the real server? If so how?
I have another NIC on the real server if that helps.
Any thoughts anyone?
Thanks in advance,
Ben