
Re: [lvs-users] no VIP up on real server? was: Re: arp problem with 2.6.

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] no VIP up on real server? was: Re: arp problem with 2.6.X red hat kernels?
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Thu, 4 Oct 2007 11:59:18 -0700 (PDT)
On Thu, 4 Oct 2007, Dan Yocum wrote:

> All,
>
> I'm lost.  Things have... changed since I last used LVS back in '02/'03.
> Like someone has re-arranged the furniture and I can't quite figure
> out what has moved.
>
> I've spent several days reading through the HOW-TO, the mini-HOW-TO,
> and the configure script perldocs and I can't, for the life of me,
> figure out a) why my LVS-DR *is* working and b) why I can't connect to
> 127.0.0.1 on the real servers without specifically allowing connections
> to lo in iptables.

you shouldn't have any iptables rules till you get LVS to 
work.

later ... it would appear (from below) that you're running 
transparent proxy, which would have been helpful to know 
right here.

> On the director, the VIP is up and running.  On the real servers, it
> isn't - not on eth0, nor on lo - and yet I _can_ connect from a client
> to the VIP and I get directed to a real server.  Watching tcpdump on the
> director and the real server I see the packets get redirected on the LVS
> to the real server and the real server back to the client.
>
> So, here's where it gets weird: if I disable the transparent proxy on
> the real servers, I can't connect.  Joe says this shouldn't work,

it doesn't work for the VIP on the director and I'd dropped 
transparent proxy from my mind as being useful. Apparently 
it still works for the VIP on the realserver and I had 
forgotten this.

> yet it is.
>
> I've also configured arptables according to the HOW-TO, but since the TP
> is in place, it's probably hard to tell if they are working correctly.
>
> So, the questions I have are these:
>
> Why don't I need to bring up the VIP on the real servers? Is this
> normal?  Is this expected?

you're going to have to tell me more about your setup before 
I can answer any of this.

>
> And why can't I connect to 127.0.0.1 on the real server without
> specifically allowing connections with iptables?
>
> I put the lvs.cf, director and real server iptables, and real server
> arptables in the following directory for people to peruse and comment on:
>
> http://home.fnal.gov/~yocum/lvs-dr-Oct07/

it would be easier for me if you just described your setup.

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

