
RE: Problem loadbalancing email servers

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Problem loadbalancing email servers
From: "Owens, Ron" <ron.owens@xxxxxxxxxxxx>
Date: Mon, 4 Dec 2006 15:10:02 -0000

Graeme,

Output as requested. As you can see from the iptables output, I have
been trying different combinations of source and destination (I don't
really know much about iptables etc !!! it's obvious)

Also, as the RIP box is OpenVMS, I don't have any control over the IP
configuration. Also, these are just test servers to prove the concept.
The live MTA boxes are Ironport boxes and you can't get down to this
level of configuration. 

Thanks for your help ...

ldir1:~ # ipvsadm -L -n
IP Virtual Server version 1.2.0 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  140.203.7.80:80 wrr
  -> 140.203.7.83:80              Route   1      0          0         
TCP  140.203.7.80:25 rr
  -> 140.203.7.16:25              Route   1      0          0         
  -> 140.203.9.96:25              Route   1      0          0         
TCP  140.203.7.80:443 wrr
  -> 140.203.7.83:443             Route   1      0          0         
ldir1:~ #
ldir1:~ # iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  140.203.7.16         140.203.7.81        tcp spt:25 dpts:1024:65535 flags:!0x16/0x02
ACCEPT     tcp  --  140.203.7.81         140.203.7.16        tcp spt:25 dpts:1024:65535 flags:!0x16/0x02
ACCEPT     tcp  --  140.203.7.80         140.203.7.16        tcp spt:25 dpts:1024:65535 flags:!0x16/0x02

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         


-----Original Message-----
From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Graeme
Fowler
Sent: 01 December 2006 16:55
To: LinuxVirtualServer.org users mailing list.
Subject: Re: Problem loadbalancing email servers

On 01/12/2006 16:47, Owens, Ron wrote:
> There's no firewall between the director and the cluster nodes. They
> work with http and squid with no modification.

Right, but is there a firewall ruleset on the director, or in front of 
it somewhere? An ICMP Host Unreachable error is being generated 
somewhere, and as it's one of the most common targets for iptables (-j 
REJECT) it makes me think the obvious.

> The RIP of the director is 140.203.7.81
> The IP of the mail server is 140.203.7.16

I can't reach either of them, via ICMP, IP or TCP.

> I tried adding:
> 
> iptables -A INPUT -i eth0 -p tcp ! --syn -s 140.203.7.81 --sport 25 -d
> 140.203.7.16 --dport 1024:65535 -j ACCEPT
> 
> but this didn't help .... 

Umm... I don't think it will. If I read that correctly you're ACCEPTING 
packets coming in on eth0 which are TCP and aren't SYNs, from 
140.203.7.81 where the source port is 25 and the dest ports are 
unprivileged. I'd expect to only see that end of a connection on a 
remote client...

Anyway, please provide:

1. Output from "ipvsadm -L -n" on the director
2. Output from "iptables -L -n" on the director
3. Output from "iptables -L -n" on the realserver(s)

Graeme
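
An added example, not part of the original messages: a small parser for the director's `iptables -L -n` listing quoted above that decodes the `flags:!0x16/0x02` token shown for the `! --syn` rules and checks whether any listed chain is able to discard traffic at all. The function names are hypothetical, and the embedded listing is the one from the message with its mail-wrapped rule lines rejoined.

```python
import re

FLAG_BITS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}
# Director listing from the message above; mail-wrapped rule lines rejoined.
LISTING = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  140.203.7.16         140.203.7.81        tcp spt:25 dpts:1024:65535 flags:!0x16/0x02
ACCEPT     tcp  --  140.203.7.81         140.203.7.16        tcp spt:25 dpts:1024:65535 flags:!0x16/0x02
ACCEPT     tcp  --  140.203.7.80         140.203.7.16        tcp spt:25 dpts:1024:65535 flags:!0x16/0x02

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

def parse_flags(token):
    """Split 'flags:[!]0xMASK/0xCOMP' into (negated, mask, comp)."""
    m = re.fullmatch(r"flags:(!?)0x([0-9A-Fa-f]+)/0x([0-9A-Fa-f]+)", token)
    if m is None:
        raise ValueError(f"not a tcp flags token: {token!r}")
    return bool(m.group(1)), int(m.group(2), 16), int(m.group(3), 16)

def flag_names(bits):
    return [name for bit, name in sorted(FLAG_BITS.items()) if bits & bit]

def flags_match(token, packet_flags):  # does a segment with these flag bits pass the test?
    negated, mask, comp = parse_flags(token)
    return ((packet_flags & mask) == comp) != negated

def parse_chains(text):
    """Parse 'iptables -L -n' output into {chain: {'policy': ..., 'rules': [...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        head = re.match(r"Chain (\S+) \(policy (\S+)\)", line)
        if head:
            current = chains.setdefault(head.group(1), {"policy": head.group(2), "rules": []})
        elif current is not None and line.strip() and not line.startswith("target"):
            f = line.split()
            current["rules"].append({"target": f[0], "src": f[3], "dst": f[4], "match": f[5:]})
    return chains

def can_block(chain):  # only a non-ACCEPT policy or a non-ACCEPT target can discard traffic
    return chain["policy"] != "ACCEPT" or any(r["target"] != "ACCEPT" for r in chain["rules"])

if __name__ == "__main__":
    print({name: can_block(c) for name, c in parse_chains(LISTING).items()})
    print([flag_names(v) for v in parse_flags("flags:!0x16/0x02")[1:]])
```

`iptables -L -n` prints only the filter table, so this check says nothing about the nat or mangle tables or about rules on other hosts in the path.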
