Re: [lvs-users] LVS-NAT and Iptables same box

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] LVS-NAT and Iptables same box
From: Gustavo Mateus <gustavo@xxxxxxxxxxxxxx>
Date: Wed, 05 Mar 2008 10:25:21 -0300
:( This machine is in production and I cannot turn off my firewall. I'll 
try to schedule that for the weekend.

My table shows this:

root@fw1:~# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=1048576)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  201.X.X.25:80 wlc persistent 300
  -> 10.1.1.2:80             Masq    0      0          0     

(I'm using just one real server to test)


If I do that (drop the firewall, start the virtual server and apply the 
firewall rules again),
every time that I have to change any config of the virtual servers, will I 
have to do it all again?

Thanks for your help,

Gustavo




Joseph Mack NA3T wrote:
> On Tue, 4 Mar 2008, Gustavo Mateus wrote:
>
>   
>> This way did not work. With TCPDUMP I see that the client package
>> reaches the virtual server (VIP 201.X.X.25) and reaches the real server.
>>
>> The problem is that the request gets to the VIP this way:
>> 17:19:24.892819 IP 189.X.X.10.47505 > 201.X.X.25.80: S
>> 3715440259:3715440259(0) win 5840 <mss 1460,sackOK,timestamp 72467850
>> 0,nop,wscale 6>
>> 17:19:24.892929 IP 201.X.X.25 > 189.X.X.10: ICMP 201.X.X.25 tcp port 80
>> unreachable, length 68
>>     
>
> ah no it doesn't. The service isn't being 
> forwarded. Check your ipvsadm table, turn off your firewall 
> rules and try again. When it works, add back your firewall 
> rules.
>
> Joe
>
>   
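
One way to run the "check your ipvsadm table" step from the reply above, as an added example that is not part of the original thread: the function reads `ipvsadm -Ln` output and flags virtual services that cannot take new connections. Per the ipvsadm man page, a real server with weight 0 is quiescent and receives no new jobs; the table posted above lists its only real server with Weight 0. The function names, the output labels and the second (port 443) service in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag virtual services in `ipvsadm -Ln` output that cannot
# accept new connections (no real servers, or every real server at weight 0).

check_ipvs_table() {
    # Reads `ipvsadm -Ln` text on stdin; prints one line per problem found.
    awk '
    function report() {
        if (vs == "") { return }
        if (total == 0) {
            print "NO_REAL_SERVERS " vs
        } else if (usable == 0) {
            print "ALL_WEIGHT_ZERO " vs
        }
    }
    # Virtual-service rows start with the protocol (or FWM for firewall marks).
    $1 == "TCP" || $1 == "UDP" || $1 == "FWM" {
        report()
        vs = $1 " " $2; total = 0; usable = 0
        next
    }
    # Real-server rows: -> addr:port Forward Weight ActiveConn InActConn
    $1 == "->" && $2 != "RemoteAddress:Port" {
        total++
        if ($4 + 0 > 0) { usable++ }
        else { print "WEIGHT_ZERO " vs " -> " $2 }
    }
    END { report() }
    '
}

# Constructed sample: the table from the message above plus one healthy
# service (the port 443 entry is invented for contrast).
sample_table() {
cat <<'EOF'
IP Virtual Server version 1.2.1 (size=1048576)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  201.X.X.25:80 wlc persistent 300
  -> 10.1.1.2:80             Masq    0      0          0
TCP  201.X.X.25:443 wlc
  -> 10.1.1.2:443            Masq    1      0          0
EOF
}

# On a live director: ipvsadm -Ln | check_ipvs_table
sample_table | check_ipvs_table
```

Running this check after every change to the virtual server configuration, before re-applying firewall rules, separates an IPVS table problem from a packet-filter problem.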


