Hello, Lvs-users.
To balance two ISPs for a local network I use keepalived, ipvs, squid and the
patch from http://archive.linuxvirtualserver.org/html/lvs-users/2005-06/msg00102.html
I adapted it for kernel 2.6.31 (maybe not correctly).
All settings are below.
Local hosts use 192.168.100.100 as their default gateway.
But Internet access works only via 192.168.100.1.
I see
root@ubuntubalance:/home/igronin# ipvsadm -L
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.100.100:3128 rr persistent 600
-> 192.168.100.2:3128 Masq 1 0 0
-> 192.168.100.1:3128 Masq 1 0 0
and
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 192.168.100.100:3128 0 0 0 0 0
-> 192.168.100.1:3128 0 0 0 0 0
-> 192.168.100.2:3128 0 0 0 0 0
but in access.log I see activity.
VRRP works well, but LVS does not.
What am I doing wrong?
Where is my mistake?
Please ask if more information is needed.
Thanks!
my schema:
gw to inet to local squid
192.168.10.1 192.168.10.2 192.168.100.1 192.168.100.100
192.168.20.1 192.168.20.2 192.168.100.2
192.168.100.201 - local network host
192.168.100.202 - local network host
gw - the ISP gateways
to inet - the balancer's interfaces that face the Internet
to local - the balancer's interfaces that face the local network
squid - the balanced default gateway
Logs and preferences here:
=====/etc/network/interfaces================
auto lo eth0 eth0:0 eth1 eth2
iface lo inet loopback
iface eth0 inet static
address 192.168.100.1
netmask 255.255.255.0
network 192.168.100.0
iface eth0:0 inet static
address 192.168.100.2
netmask 255.255.255.0
network 192.168.100.0
iface eth1 inet static
address 192.168.10.2
netmask 255.255.255.0
network 192.168.10.0
gateway 192.168.10.1
iface eth2 inet static
address 192.168.20.2
netmask 255.255.255.0
network 192.168.20.0
gateway 192.168.20.1
=====squid.conf================
# WELCOME TO SQUID 2.7.STABLE3
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl host_eth0 myip 192.168.100.1
acl host_eth00 myip 192.168.100.2
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
icp_access allow localnet
icp_access deny all
http_port 3128 transparent
tcp_outgoing_address 192.168.10.2 host_eth0
tcp_outgoing_address 192.168.20.2 host_eth00
hierarchy_stoplist cgi-bin ?
cache_dir null /tmp
access_log /var/log/squid/access.log squid
cache deny all
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
server_persistent_connections off
hosts_file /etc/hosts
coredump_dir /var/spool/squid
=====keepalived.conf================
global_defs {
#notification_email {
# igronin@xxxxxx
#}
#notification_email_from igronin@xxxxxx
#smtp_server 82.204.219.180 #smtp.qip.ru
#smtp_connect_timeout 30
}
# VRRP instance that owns the virtual address 192.168.100.100 on eth0.
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
# PASS is a shared string carried in clear text in every VRRP advertisement,
# so any host on the eth0 segment can read it. It protects against
# misconfigured peers, not against a hostile neighbour; use a non-trivial
# value and keep untrusted hosts off the segment that carries VRRP.
auth_type PASS
auth_pass 1111
}
# Address added to eth0 while this node is MASTER.
virtual_ipaddress {
192.168.100.100/24
}
}
virtual_server 192.168.100.100 3128 {
delay_loop 6
lb_algo rr
lb_kind NAT
nat_mask 255.255.255.0
persistence_timeout 600
protocol TCP
virtualhost 86.57.151.3
real_server 192.168.100.1 3128 {
weight 1
HTTP_GET {
url {
path http://ftp.byfly.by/
status_code 200
}
connect_timeout 10
nb_get_retry 3
delay_before_retry 8
}
}
real_server 192.168.100.2 3128 {
weight 1
HTTP_GET {
url {
path http://ftp.byfly.by/
status_code 200
}
connect_timeout 10
nb_get_retry 3
delay_before_retry 8
}
}
}
=====rc.local================
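#!/bin/sh
#
# Boot-time hook: applies the routing and NAT setup in route.sh.
#
# rc.local runs as root, so the script it calls should be owned by root and
# not writable by any other account. A script kept under a user's home
# directory can be edited by that user and then runs with root privileges at
# the next boot; consider moving it to a root-owned location.
#
# `set -e` is set here instead of on the shebang line so that it still takes
# effect when the file is started as `sh rc.local`.
set -e
/home/igronin/ipvs/route.sh
exit 0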
=====route.sh================
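#!/bin/sh
# Policy routing and NAT for a balancer with two uplinks: eth1 and eth2 face
# the two ISP gateways, eth0 faces the local network.
#
# Tables T1 and T2 are referenced by name, so they are presumably declared in
# /etc/iproute2/rt_tables -- confirm before running.
#
# Network routes carry an explicit /24 (matching the interfaces' netmask).
# Without a prefix length `ip route add 192.168.10.0 ...` installs a route to
# the single host 192.168.10.0, not to the subnet.
#
# The script is not idempotent: every run appends the iptables rules again
# (-A), and re-adding an existing route reports "File exists". There is no
# `set -e`, so such errors do not stop the remaining commands.

# Per-uplink tables: connected network plus that uplink's default gateway.
ip route add 192.168.10.0/24 dev eth1 src 192.168.10.2 table T1
ip route add default via 192.168.10.1 table T1
ip route add 192.168.20.0/24 dev eth2 src 192.168.20.2 table T2
ip route add default via 192.168.20.1 table T2

# Main table. The kernel normally installs these connected routes itself when
# the interfaces come up, in which case these two commands report
# "File exists" and change nothing.
ip route add 192.168.10.0/24 dev eth1 src 192.168.10.2
ip route add 192.168.20.0/24 dev eth2 src 192.168.20.2
#ip route add default via 192.168.10.1

# Choose the routing table by source address, so traffic bound to an uplink
# address leaves through that uplink.
ip rule add from 192.168.10.2 table T1
ip rule add from 192.168.20.2 table T2

# Let each uplink table also reach the local network, the other uplink's
# network and loopback directly instead of through its default gateway.
ip route add 192.168.100.0/24 dev eth0 table T1
ip route add 192.168.20.0/24 dev eth2 table T1
ip route add 127.0.0.0/8 dev lo table T1
ip route add 192.168.100.0/24 dev eth0 table T2
ip route add 192.168.10.0/24 dev eth1 table T2
ip route add 127.0.0.0/8 dev lo table T2

# Source-NAT everything that leaves through either uplink. These rules match
# on the output interface only; add `-s 192.168.100.0/24` if only the local
# network is meant to be translated.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE

# Intercept HTTP from the local network and hand it to the proxy port.
# REDIRECT rewrites the destination to the primary address of the incoming
# interface (eth0), so these connections arrive at port 3128 on that address
# and not on a virtual address served by IPVS.
# NOTE(review): this probably explains IPVS counters staying at zero while the
# proxy log shows traffic -- confirm.
# The option and its value must be on one line; a wrapped copy of this command
# fails with a missing argument.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 3128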
=====/var/log/messages================
Feb 14 15:45:29 ubuntubalance Keepalived_healthcheckers: HTTP status code
success to [192.168.100.2:3128] url(1).
Feb 14 15:45:35 ubuntubalance Keepalived_healthcheckers: Remote Web server
[192.168.100.2:3128] succeed on service.
Feb 14 15:45:35 ubuntubalance Keepalived_healthcheckers: Adding service
[192.168.100.2:3128] to VS [192.168.100.100:3128]
Feb 14 15:46:47 ubuntubalance Keepalived_healthcheckers: Timeout WEB read
server [192.168.100.1:3128].
Feb 14 15:46:47 ubuntubalance Keepalived_healthcheckers: Removing service
[192.168.100.1:3128] from VS [192.168.100.100:3128]
Feb 14 15:47:06 ubuntubalance Keepalived_healthcheckers: HTTP status code
success to [192.168.100.1:3128] url(1).
Feb 14 15:47:12 ubuntubalance Keepalived_healthcheckers: Remote Web server
[192.168.100.1:3128] succeed on service.
Feb 14 15:47:12 ubuntubalance Keepalived_healthcheckers: Adding service
[192.168.100.1:3128] to VS [192.168.100.100:3128]
Feb 14 15:47:47 ubuntubalance Keepalived_healthcheckers: Timeout WEB read
server [192.168.100.2:3128].
Feb 14 15:47:47 ubuntubalance Keepalived_healthcheckers: Removing service
[192.168.100.2:3128] from VS [192.168.100.100:3128]
Feb 14 15:47:57 ubuntubalance Keepalived_healthcheckers: HTTP status code
success to [192.168.100.2:3128] url(1).
Feb 14 15:48:03 ubuntubalance Keepalived_healthcheckers: Remote Web server
[192.168.100.2:3128] succeed on service.
Feb 14 15:48:03 ubuntubalance Keepalived_healthcheckers: Adding service
[192.168.100.2:3128] to VS [192.168.100.100:3128]
Feb 14 15:48:29 ubuntubalance Keepalived_healthcheckers: Timeout WEB read
server [192.168.100.1:3128].
Feb 14 15:48:29 ubuntubalance Keepalived_healthcheckers: Removing service
[192.168.100.1:3128] from VS [192.168.100.100:3128]
Feb 14 15:48:39 ubuntubalance Keepalived_healthcheckers: HTTP status code
success to [192.168.100.1:3128] url(1).
Feb 14 15:48:45 ubuntubalance Keepalived_healthcheckers: Remote Web server
[192.168.100.1:3128] succeed on service.
Feb 14 15:48:45 ubuntubalance Keepalived_healthcheckers: Adding service
[192.168.100.1:3128] to VS [192.168.100.100:3128]
=====access.log================
1266155622.359 8332 192.168.100.2 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155624.606 9997 192.168.100.1 TCP_MISS/000 0 GET http://ftp.byfly.by/ -
DIRECT/86.57.151.3 -
1266155635.295 4684 192.168.100.1 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155639.855 3493 192.168.100.2 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155651.144 1847 192.168.100.1 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155656.956 3098 192.168.100.2 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155669.277 4128 192.168.100.1 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155680.922 9962 192.168.100.2 TCP_MISS/000 0 GET http://ftp.byfly.by/ -
DIRECT/86.57.151.3 -
1266155688.751 5470 192.168.100.1 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155692.955 5992 192.168.100.2 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155706.712 3958 192.168.100.1 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155712.349 5393 192.168.100.2 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155728.560 7847 192.168.100.1 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155739.772 13419 192.168.100.2 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155747.620 5056 192.168.100.1 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155760.812 7036 192.168.100.2 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155766.514 4891 192.168.100.1 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155779.411 4598 192.168.100.2 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155784.202 3686 192.168.100.1 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155803.414 9999 192.168.100.2 TCP_MISS/000 0 GET http://ftp.byfly.by/ -
DIRECT/86.57.151.3 -
1266155807.875 9670 192.168.100.1 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155813.204 3786 192.168.100.2 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155829.261 7383 192.168.100.1 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155831.931 4722 192.168.100.2 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155849.538 3605 192.168.100.2 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155849.898 6632 192.168.100.1 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155862.041 3881 192.168.100.202 TCP_MISS/302 473 GET http://onliner.by/ -
DIRECT/93.84.114.70 text/html
1266155866.587 3046 192.168.100.2 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155866.976 3068 192.168.100.1 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155870.908 8865 192.168.100.202 TCP_MISS/504 1448 GET
http://sitecheck2.opera.com/?host=www.onliner.by&hdn=trlvruEygWbrwfOc7UDFTA== -
DIRECT/91.203.99.45 text/html
1266155871.741 7980 192.168.100.202 TCP_MISS/200 21151 GET
http://www.onliner.by/ - DIRECT/93.84.114.70 text/html
1266155874.449 5112 192.168.100.202 TCP_MISS/200 3774 GET
http://static.onliner.by//js/jquery.timers.js?hello=world - DIRECT/93.84.114.70
application/x-javascript
1266155885.265 4673 192.168.100.2 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155885.370 10921 192.168.100.202 TCP_MISS/200 22614 GET
http://static.onliner.by//js/jquery.smoothDivScroll.js?hello=world -
DIRECT/93.84.114.70 application/x-javascript
1266155885.438 4460 192.168.100.1 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155892.423 7053 192.168.100.202 TCP_MISS/200 4287 GET
http://static.onliner.by//js/ajax_search.js?hello=worl - DIRECT/93.84.114.70
application/x-javascript
1266155896.421 3961 192.168.100.202 TCP_MISS/200 2813 GET
http://www.onliner.by/pic/restyle/logo.png - DIRECT/93.84.114.70 image/png
1266155896.433 3973 192.168.100.202 TCP_MISS/200 358 GET
http://www.onliner.by/pic/s.gif - DIRECT/93.84.114.70 image/gif
1266155896.448 3988 192.168.100.202 TCP_MISS/200 454 GET
http://static.onliner.by/pic/bg_searchbuts.gif - DIRECT/93.84.114.70 image/gif
1266155896.487 4022 192.168.100.202 TCP_MISS/200 1282 GET
http://static.onliner.by/pic/search-button.gif?new=new - DIRECT/93.84.114.70
image/gif
1266155896.502 4031 192.168.100.202 TCP_MISS/200 503 GET
http://static.onliner.by/pic/restyle/reg-bg.gif - DIRECT/93.84.114.70 image/gif
1266155896.516 4012 192.168.100.202 TCP_MISS/200 485 GET
http://static.onliner.by/pic/man.gif - DIRECT/93.84.114.70 image/gif
1266155899.782 3334 192.168.100.202 TCP_MISS/200 741 GET
http://static.onliner.by/pic/restyle/nav-bg.png - DIRECT/93.84.114.70 image/png
1266155899.804 3302 192.168.100.202 TCP_MISS/200 686 GET
http://static.onliner.by/pic/restyle/new.png - DIRECT/93.84.114.70 image/png
1266155899.823 3307 192.168.100.202 TCP_MISS/200 612 GET
http://static.onliner.by/pic/restyle/popular-shad.png - DIRECT/93.84.114.70
image/png
1266155901.396 6638 192.168.100.202 TCP_MISS/200 1265 GET
http://asd.onliner.by/adframe.php?what=zone:125 - DIRECT/93.84.114.68 text/html
1266155903.302 4032 192.168.100.2 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155903.364 6943 192.168.100.202 TCP_MISS/200 442 GET
http://www.onliner.by/pic/ico_doc.gif - DIRECT/93.84.114.70 image/gif
1266155903.560 3778 192.168.100.202 TCP_MISS/200 539 GET
http://static.onliner.by/pic/ico-mcat1.gif - DIRECT/93.84.114.70 image/gif
1266155903.578 3774 192.168.100.202 TCP_MISS/200 582 GET
http://static.onliner.by/pic/ico-mcat2.gif - DIRECT/93.84.114.70 image/gif
1266155905.910 6468 192.168.100.1 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266155905.933 11174 192.168.100.202 TCP_MISS/200 740 GET
http://asd.onliner.by/adframe.php?what=zone:130 - DIRECT/93.84.114.68 text/html
1266155905.960 9472 192.168.100.202 TCP_MISS/200 896 GET
http://static.onliner.by/pic/restyle/nav-ar.png - DIRECT/93.84.114.70 image/png
1266155907.251 3692 192.168.100.202 TCP_MISS/200 572 GET
http://static.onliner.by/pic/ico-mcat4.gif - DIRECT/93.84.114.70 image/gif
1266155907.267 3690 192.168.100.202 TCP_MISS/200 537 GET
http://static.onliner.by/pic/ico-mcat7.gif - DIRECT/93.84.114.70 image/gif
1266155910.135 4176 192.168.100.202 TCP_MISS/200 543 GET
http://static.onliner.by/pic/ico-mcat10.gif - DIRECT/93.84.114.70 image/gif
1266155910.890 13595 192.168.100.202 TCP_MISS/200 78909 GET http://www.tut.by/
- DIRECT/86.57.250.18 text/html
1266155911.055 3804 192.168.100.202 TCP_MISS/200 678 GET
http://static.onliner.by/pic/restyle/new-shad.png - DIRECT/93.84.114.70
image/png
1266155912.116 12293 192.168.100.202 TCP_MISS/200 536 GET
http://static.onliner.by/pic/ico-mcat21.gif - DIRECT/93.84.114.70 image/gif
1266155913.225 3089 192.168.100.202 TCP_MISS/200 533 GET
http://static.onliner.by/pic/ico-mcat20.gif - DIRECT/93.84.114.70 image/gif
1266155913.451 6183 192.168.100.202 TCP_MISS/200 681 GET
http://static.onliner.by/pic/ico-mcat270new.gif - DIRECT/93.84.114.70 image/gif
1266155914.327 3272 192.168.100.202 TCP_MISS/200 761 GET
http://static.onliner.by/pic/ico-mcat150new.gif - DIRECT/93.84.114.70 image/gif
......
1266156143.771 3344 192.168.100.2 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266156153.236 12653 192.168.100.201 TCP_MISS/200 39192 GET
http://proarena.net/engine/classes/highslide/highslide.js -
DIRECT/93.84.113.242 application/x-javascript
1266156157.749 4465 192.168.100.201 TCP_MISS/200 2524 GET
http://proarena.net/templates/proarena/images/tray.gif - DIRECT/93.84.113.242
image/gif
1266156159.628 6345 192.168.100.201 TCP_MISS/200 7824 GET
http://proarena.net/templates/proarena/rotator/8.png - DIRECT/93.84.113.242
image/png
1266156160.745 7094 192.168.100.201 TCP_MISS/304 328 GET
http://kinoportal-tv.net/uploads/posts/2009-12/1261070911_kinoportal.jpg -
DIRECT/93.84.118.164 -
1266156161.963 4189 192.168.100.2 TCP_MISS/200 2113 GET http://ftp.byfly.by/
- DIRECT/86.57.151.3 text/html
1266156163.200 9919 192.168.100.201 TCP_MISS/200 24807 GET
http://proarena.net/templates/proarena/images/logo.png - DIRECT/93.84.113.242
image/png
======================================================================
root@ubuntubalance:/home/igronin# ipvsadm -L
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.100.100:3128 rr persistent 600
-> 192.168.100.2:3128 Masq 1 0 0
-> 192.168.100.1:3128 Masq 1 0 0
======================================================================
root@ubuntubalance:/home/igronin# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0c:29:d4:61:c1
inet addr:192.168.100.1 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fed4:61c1/64 Диапазон:Ссылка
ВВЕРХ BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:192 errors:0 dropped:0 overruns:0 frame:0
TX packets:881 errors:0 dropped:0 overruns:0 carrier:0
коллизии:0 txqueuelen:1000
RX bytes:24595 (24.5 KB) TX bytes:95700 (95.7 KB)
Прервано:18 Base address:0x2000
eth0:0 Link encap:Ethernet HWaddr 00:0c:29:d4:61:c1
inet addr:192.168.100.2 Bcast:192.168.100.255 Mask:255.255.255.0
ВВЕРХ BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Прервано:18 Base address:0x2000
eth1 Link encap:Ethernet HWaddr 00:0c:29:d4:61:b7
inet addr:192.168.10.2 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fed4:61b7/64 Диапазон:Ссылка
ВВЕРХ BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1375 errors:0 dropped:0 overruns:0 frame:0
TX packets:589 errors:0 dropped:0 overruns:0 carrier:0
коллизии:0 txqueuelen:1000
RX bytes:391644 (391.6 KB) TX bytes:55695 (55.6 KB)
Прервано:19 Base address:0x2080
eth2 Link encap:Ethernet HWaddr 00:0c:29:d4:61:cb
inet addr:192.168.20.2 Bcast:192.168.20.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fed4:61cb/64 Диапазон:Ссылка
ВВЕРХ BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1275 errors:0 dropped:0 overruns:0 frame:0
TX packets:499 errors:0 dropped:0 overruns:0 carrier:0
коллизии:0 txqueuelen:1000
RX bytes:340833 (340.8 KB) TX bytes:46043 (46.0 KB)
Прервано:19 Base address:0x2400
lo Link encap:Локальная петля (Loopback)
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Диапазон:Узел
ВВЕРХ LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1732 errors:0 dropped:0 overruns:0 frame:0
TX packetg0LjEx!
==============================================================================='
root@ubuntubalance:/home/igronin# iptables-save
# Generated by iptables-save v1.4.1.1 on Mon Feb 1 01:15:12 2010
*mangle
:PREROUTING ACCEPT [4989:1450983]
:INPUT ACCEPT [3154:1348458]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3983:851694]
:POSTROUTING ACCEPT [4031:860977]
COMMIT
# Completed on Mon Feb 1 01:15:12 2010
# Generated by iptables-save v1.4.1.1 on Mon Feb 1 01:15:12 2010
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 127.0.0.0/8 -i ! lo -j LOG
-A INPUT -s 127.0.0.0/8 -i ! lo -j DROP
-A INPUT -d 255.255.255.255/32 -i eth0 -j ACCEPT
-A INPUT -d 255.255.255.255/32 -i eth0 -j ACCEPT
-A INPUT -s 192.168.100.0/24 -i eth0 -j ACCEPT
-A INPUT -s 192.168.100.0/24 -i eth0 -j ACCEPT
-A INPUT -d 224.0.0.0/4 -i eth0 -p ! tcp -j ACCEPT
-A INPUT -d 224.0.0.0/4 -i eth0 -p ! tcp -j ACCEPT
-A INPUT -s 192.168.100.0/24 -i eth1 -j LOG
-A INPUT -s 192.168.100.0/24 -i eth1 -j DROP
-A INPUT -s 192.168.100.0/24 -i eth1 -j LOG
-A INPUT -s 192.168.100.0/24 -i eth1 -j DROP
-A INPUT -s 192.168.100.0/24 -i eth2 -j LOG
-A INPUT -s 192.168.100.0/24 -i eth2 -j DROP
-A INPUT -s 192.168.100.0/24 -i eth2 -j LOG
-A INPUT -s 192.168.100.0/24 -i eth2 -j DROP
-A INPUT -d 255.255.255.255/32 -i eth1 -j ACCEPT
-A INPUT -d 255.255.255.255/32 -i eth2 -j ACCEPT
-A INPUT -d 192.168.10.2/32 -i eth1 -j ACCEPT
-A INPUT -d 192.168.10.255/32 -i eth1 -j ACCEPT
-A INPUT -d 192.168.20.2/32 -i eth2 -j ACCEPT
-A INPUT -d 192.168.20.255/32 -i eth2 -j ACCEPT
-A INPUT -d 224.0.0.1/32 -j DROP
-A INPUT -j LOG
-A INPUT -j DROP
-A FORWARD -s 192.168.100.0/24 -d 192.168.100.0/24 -j ACCEPT
-A FORWARD -s 192.168.100.0/24 -d 192.168.100.0/24 -j ACCEPT
-A FORWARD -s 192.168.100.0/24 -i eth0 -o eth1 -j ACCEPT
-A FORWARD -s 192.168.100.0/24 -i eth0 -o eth1 -j ACCEPT
-A FORWARD -s 192.168.100.0/24 -i eth0 -o eth2 -j ACCEPT
-A FORWARD -s 192.168.100.0/24 -i eth0 -o eth2 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.100.0/24 -o eth1 -j LOG
-A FORWARD -d 192.168.100.0/24 -o eth1 -j DROP
-A FORWARD -d 192.168.100.0/24 -o eth1 -j LOG
-A FORWARD -d 192.168.100.0/24 -o eth1 -j DROP
-A FORWARD -d 192.168.100.0/24 -o eth2 -j LOG
-A FORWARD -d 192.168.100.0/24 -o eth2 -j DROP
-A FORWARD -d 192.168.100.0/24 -o eth2 -j LOG
-A FORWARD -d 192.168.100.0/24 -o eth2 -j DROP
-A FORWARD -d 224.0.0.1/32 -j DROP
-A FORWARD -j LOG
-A FORWARD -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 255.255.255.255/32 -o eth0 -j ACCEPT
-A OUTPUT -d 255.255.255.255/32 -o eth0 -j ACCEPT
-A OUTPUT -d 192.168.100.0/24 -o eth0 -j ACCEPT
-A OUTPUT -d 192.168.100.0/24 -o eth0 -j ACCEPT
-A OUTPUT -d 224.0.0.0/4 -o eth0 -p ! tcp -j ACCEPT
-A OUTPUT -d 224.0.0.0/4 -o eth0 -p ! tcp -j ACCEPT
-A OUTPUT -d 192.168.100.0/24 -o eth1 -j LOG
-A OUTPUT -d 192.168.100.0/24 -o eth1 -j DROP
-A OUTPUT -d 192.168.100.0/24 -o eth1 -j LOG
-A OUTPUT -d 192.168.100.0/24 -o eth1 -j DROP
-A OUTPUT -d 192.168.100.0/24 -o eth2 -j LOG
-A OUTPUT -d 192.168.100.0/24 -o eth2 -j DROP
-A OUTPUT -d 192.168.100.0/24 -o eth2 -j LOG
-A OUTPUT -d 192.168.100.0/24 -o eth2 -j DROP
-A OUTPUT -d 255.255.255.255/32 -o eth1 -j ACCEPT
-A OUTPUT -d 255.255.255.255/32 -o eth2 -j ACCEPT
-A OUTPUT -s 192.168.10.2/32 -o eth1 -j ACCEPT
-A OUTPUT -s 192.168.10.255/32 -o eth1 -j ACCEPT
-A OUTPUT -s 192.168.20.2/32 -o eth2 -j ACCEPT
-A OUTPUT -s 192.168.20.255/32 -o eth2 -j ACCEPT
-A OUTPUT -d 224.0.0.1/32 -j DROP
-A OUTPUT -j LOG
-A OUTPUT -j DROP
COMMIT
# Completed on Mon Feb 1 01:15:12 2010
# Generated by iptables-save v1.4.1.1 on Mon Feb 1 01:15:12 2010
*nat
:PREROUTING ACCEPT [144:20179]
:POSTROUTING ACCEPT [131:8474]
:OUTPUT ACCEPT [308:19547]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.100.0/24 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.100.0/24 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.100.0/24 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.100.0/24 -o eth2 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
# Completed on Mon Feb 1 01:15:12 2010
=============================================================================
root@ubuntubalance:/home/igronin# ip route sh
192.168.10.0 dev eth1 scope link src 192.168.10.2
192.168.20.0 dev eth2 scope link src 192.168.20.2
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.1
192.168.20.0/24 dev eth2 proto kernel scope link src 192.168.20.2
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.2
169.254.0.0/16 dev eth0 scope link metric 1000
default via 192.168.10.1 dev eth1 metric 100
default via 192.168.20.1 dev eth2 metric 100
============================================================================
root@ubuntubalance:/home/igronin# ip rule sh
0: from all lookup local
32764: from 192.168.20.2 lookup T2
32765: from 192.168.10.2 lookup T1
32766: from all lookup main
32767: from all lookup default
==========================================================================
root@ubuntubalance:/home/igronin# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UNKNOWN qlen 1000
link/ether 00:0c:29:d4:61:c1 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global eth0
inet 192.168.100.2/24 brd 192.168.100.255 scope global secondary eth0:0
inet 192.168.100.100/24 scope global secondary eth0
inet6 fe80::20c:29ff:fed4:61c1/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UNKNOWN qlen 1000
link/ether 00:0c:29:d4:61:b7 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.2/24 brd 192.168.10.255 scope global eth1
inet6 fe80::20c:29ff:fed4:61b7/64 scope link
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UNKNOWN qlen 1000
link/ether 00:0c:29:d4:61:cb brd ff:ff:ff:ff:ff:ff
inet 192.168.20.2/24 brd 192.168.20.255 scope global eth2
inet6 fe80::20c:29ff:fed4:61cb/64 scope link
valid_lft forever preferred_lft forever
5: pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
link/ether 5e:2e:ae:c2:ee:e6 brd ff:ff:ff:ff:ff:ff
==========================================================================
--
Best regards,
Igor Velichkevich mailto:igor.velichkevich@xxxxxxxxx