Re: [lvs-users] LVS-NAT simple (?) setup not working in mysterious way?

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] LVS-NAT simple (?) setup not working in mysterious way?
From: Steve Wray <steve.wray@xxxxxxxxx>
Date: Fri, 21 Sep 2007 07:58:06 +1200
lists wrote:
> Steve,
>
> The joy of banging one's head against a wall :-).
>   
It feels great when you stop...

There was nothing wrong with my LVS-NAT config in the first place.

> You don't have an internal VIP or floating IP. (you need one)
>   
I tried both; with one director only and one realserver only and with 
two directors and a floating IP.

The config I posted initially to the list was with two directors and a 
floating internal IP for a default route plus a floating VIP.

As it turns out, there were two issues here.

On the one hand, Joseph hadn't actually verified that my config was 
faulty. I think he had assumed that I hadn't read the HOWTO and he 
dismissed my problems as lack of understanding of LVS-NAT.

So there was no reality check to tell me 'yes your config makes sense, 
should work, something else must be wrong'.


On the other hand, I omitted to mention that I was running this in XEN 
virtualisation. I read through the mailing list archives several times 
and caught this after posting to the list and having forced myself to read 
through the archives yet *again*.


The two sets of LVS-NAT config files which I posted to the list were 
quite correct and would have worked, something Joseph might have noticed 
had he glanced at them.

Once I fixed the TCP checksum issue on the realservers everything came 
right:

http://archive.linuxvirtualserver.org/html/lvs-users/2007-08/msg00075.html

> Add an internal VIP to your haresources file (this must be the default 
> gateway for the clients.)
>
> Test traffic can ONLY come from the outside to the outside VIP; it is 
> then NAT'd to the real server that responds to the internal VIP.
>
> ip_forwarding must be enabled
>
> No iptables rule whatsoever.
>
> Do a test from outside; check the ipvsadm -Lnc output (should see 
> established connections.)
>
>
> Oh, and change check type to 'on' in ldirectord for testing purposes, i.e. 
> always on, no health checks.
>   
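
Added example, not part of the original message or of the LVS project: one way to read the `ipvsadm -Lnc` output that the quoted checklist says to check for established connections. It summarises connection states per realserver and flags any realserver whose entries never get past SYN_RECV, meaning the handshake through the director is not completing. The sample output, the addresses, the function names and the verdict labels are all constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout `ipvsadm -Lnc` prints
# (two header lines, then one line per connection entry).
SAMPLE_LNC='IPVS connection entries
pro expire state       source             virtual            destination
TCP 14:52  ESTABLISHED 198.51.100.7:40112 203.0.113.10:80    192.168.10.11:80
TCP 00:48  SYN_RECV    198.51.100.7:40120 203.0.113.10:80    192.168.10.12:80
TCP 00:51  SYN_RECV    198.51.100.9:51544 203.0.113.10:80    192.168.10.12:80
TCP 01:40  FIN_WAIT    198.51.100.8:33001 203.0.113.10:80    192.168.10.11:80'

# lnc_summary (hypothetical helper): reads `ipvsadm -Lnc` text on stdin and
# prints "<realserver> established=N syn_recv=N other=N <verdict>" per realserver.
lnc_summary() {
    awk '
        $1 != "TCP" { next }    # skip header lines and non-TCP entries
        {
            dest = $6; seen[dest] = 1
            if ($3 == "ESTABLISHED")   est[dest]++
            else if ($3 == "SYN_RECV") syn[dest]++
            else                       oth[dest]++
        }
        END {
            for (d in seen) {
                verdict = "ok"
                # SYNs reach the director but no handshake ever completes
                if (est[d] + 0 == 0 && syn[d] + 0 > 0) verdict = "HANDSHAKE_STUCK"
                else if (est[d] + 0 == 0)              verdict = "NO_ESTABLISHED"
                printf "%s established=%d syn_recv=%d other=%d %s\n",
                       d, est[d], syn[d], oth[d], verdict
            }
        }' | sort
}

# stuck_realservers (hypothetical helper): only the realservers flagged above.
stuck_realservers() {
    lnc_summary | awk '$NF == "HANDSHAKE_STUCK" { print $1 }'
}

# Offline run on the constructed sample; on a director, pipe real output
# instead:  ipvsadm -Lnc | lnc_summary
printf '%s\n' "$SAMPLE_LNC" | lnc_summary
```

A realserver flagged HANDSHAKE_STUCK is receiving forwarded SYNs, so the place to look next is the return path from that realserver back through the director.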


