Hello,
I have a problem with accessing the IPs of external balancer machines
from internal machines:
============================
[root@lba2 ~]# service iptables status
Table: mangle
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 10.1.0.0/24 10.1.0.0/24
2 MASQUERADE all -- 10.1.0.0/24 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 fail2ban-ProFTPD tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
2 fail2ban-SSH tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
5 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 state NEW
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 state NEW
10 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-net-unreachable
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain fail2ban-ProFTPD (1 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-SSH (1 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0
================================
This machine has external IPs:
100.100.100.1 (real)
100.100.100.3 (vip)
and internal IPs:
10.1.0.1 (real)
10.1.0.3 (vip)
and I am running internal servers with IPs:
10.1.0.10
10.1.0.20
So, all incoming connections on lba are forwarded with ip_vs to
10.1.0.10 and 10.1.0.20 with the round-robin option.
If I am accessing it from the outside world, everything is going fine, but
from internal machines I cannot access the 100.100.100.3 IP.
Can you please help me with this issue and suggest a solution? I cannot
understand where the problem may be: in the iptables configuration or
somewhere else.
This option prevents some web services from accessing themselves via the resolved
domain name, and because of this I am unable to launch some of the sites...
Thank you in advance!
--
BR,
George Machitidze
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users