Nick,
Take the iptables SNAT rule out for debugging purposes; it is not
needed for load balancing via LVS (LVS handles its own NAT).

2009/9/2 Nick Couchman <Nick.Couchman@xxxxxxxxx>
>
> The docs on the web site seem to be a little bit out of date, so I figured
> I'd hit the mailing list to try to find some help with my problem. First,
> here's what I'm trying to do:
> - I have a half-dozen Windows-based virtual machines (XEN) that I need to
> load-balance between. In the past, I've been using the direct route method,
> but I've run into some issues - some very strange behavior (like my IPVS
> director deciding to send out RSET packets to all of the clients at seemingly
> random intervals).
> - The IPVS director is also a Xen domU (VM), running SuSE Linux.
>
> Having had issues in the past with the DR method, I decided to try my luck at
> the NAT method. So, I enabled IP forwarding on my director:
> sysctl net.ipv4.ip_forward=1
>
> added a virtual IP address:
> ifconfig eth0:2 <virtual IP>
>
> added an iptables nat rule:
> iptables -t nat -A POSTROUTING -s 172.16.34.0/24 -j SNAT --to-source <virtual IP>
>
> and updated the IPVS service table:
> ipvsadm -A -t <virtual IP>:1234 -s wlc
> ipvsadm -a -t <virtual IP>:1234 -r 172.16.34.10:1234 -m -x 1
>
> Inside this particular Windows machine, I set the default route to the IP of
> the director (172.16.34.1). If I ping an IP address elsewhere on my
> network, packets appear to be routed correctly and a look at the output of
> "iptables -t nat -nvL" shows the packet counters for the rule I added in the
> POSTROUTING table incrementing properly. However, if I try to connect to the
> virtual IP address on the port 1234, the connection never gets established.
> A packet dump shows the traffic going from the source machine (my laptop) to
> the director, and then being passed on to the Windows machine. I also see
> return packets from the Windows machine go back to the IPVS director,
> however, after that they just get "lost" - the counters in iptables do not
> increment, nor do the packets ever show up on the outside interface. Is
> there something I'm doing wrong to get this setup to work? I'm following the
> configuration guide for the 2.4 kernel stuff from the linuxvirtualserver.org
> web site, since this is the closest I can find to current kernel versions.
>
> Thanks,
> Nick
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
--
Regards,
Malcolm Turnbull.
Loadbalancer.org Ltd.
Phone: +44 (0)870 443 8779
http://www.loadbalancer.org/
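
An added example, not part of the original thread: a Python check that reads `iptables-save` and `ipvsadm -S -n` output and lists POSTROUTING SNAT/MASQUERADE rules whose source range covers an LVS-NAT (`-m`) real server, which is the kind of rule the reply suggests taking out while debugging. The sample input is constructed; 192.0.2.10 stands in for `<virtual IP>`, the second rule and the second real server are made up for contrast, and IPv4 addresses are assumed.

```python
import ipaddress
import shlex
# Constructed sample input: 192.0.2.10 stands in for the "<virtual IP>" placeholder.
IPTABLES_SAVE = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.16.34.0/24 -j SNAT --to-source 192.0.2.10
-A POSTROUTING -s 10.9.0.0/16 -o eth1 -j MASQUERADE
COMMIT
"""
IPVSADM_SAVE = """\
-A -t 192.0.2.10:1234 -s wlc
-a -t 192.0.2.10:1234 -r 172.16.34.10:1234 -m -w 1
-a -t 192.0.2.10:1234 -r 172.16.35.11:1234 -g -w 1
"""

def opt(tokens, *names):
    """Return the value following the first of `names` in tokens, or None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names:
            return tokens[i + 1]
    return None

def masq_real_servers(ipvs_text):
    """IPs of real servers added with -m (LVS-NAT / masquerading)."""
    servers = []
    for line in ipvs_text.splitlines():
        t = shlex.split(line)
        if t and t[0] == "-a" and ("-m" in t or "--masquerading" in t):
            rs = opt(t, "-r", "--real-server")
            servers.append(ipaddress.ip_address(rs.rsplit(":", 1)[0]))
    return servers

def overlapping_nat_rules(iptables_text, ipvs_text):
    """POSTROUTING SNAT/MASQUERADE rules whose -s range covers an LVS-NAT real server."""
    servers = masq_real_servers(ipvs_text)
    hits = []
    for line in iptables_text.splitlines():
        t = shlex.split(line)
        if t[:2] != ["-A", "POSTROUTING"] or opt(t, "-j", "--jump") not in ("SNAT", "MASQUERADE"):
            continue
        src = opt(t, "-s", "--source")  # a rule with no -s matches every source
        net = ipaddress.ip_network(src or "0.0.0.0/0", strict=False)
        if any(ip in net for ip in servers):
            hits.append(line)
    return hits

if __name__ == "__main__":
    print("\n".join(overlapping_nat_rules(IPTABLES_SAVE, IPVSADM_SAVE)))
```

On a director, the two inputs would come from `iptables-save -t nat` and `ipvsadm -S -n`; negated matches (`! -s`) are not handled.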