
Re: [lvs-users] CentOS 5 apache real servers don't respond

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [lvs-users] CentOS 5 apache real servers don't respond
From: James Chase <james@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 30 Mar 2010 18:14:38 -0400
Here it is. The page request from my browser arrives at the LVS and I 
see it in tcpdump, but it doesn't appear to get forwarded to the apache 
real server. The only traffic I see between the apache real server and 
the LVS is the periodic checks to see if the apache service is running. So 
perhaps there is actually something wrong with the LVS.

*arptables -L on apache real server:*

Table: filter

Chain IN (policy ACCEPT)
target     source-ip            destination-ip       source-hw          destination-hw     hlen   op         hrd        pro
DROP       anywhere             192.168.1.174        anywhere           anywhere           any    any        any        any

Chain OUT (policy ACCEPT)
target     source-ip            destination-ip       source-hw          destination-hw     hlen   op         hrd        pro
mangle     anywhere             192.168.1.174        anywhere           anywhere           any    any        any        any       --mangle-ip-s 192.168.1.153

Chain FORWARD (policy ACCEPT)
target     source-ip            destination-ip       source-hw          destination-hw     hlen   op         hrd        pro

*lvs.cf*

serial_no = 41
primary = 192.168.1.169
primary_private = 192.168.1.30
service = lvs
backup_active = 1
backup = 192.168.1.171
backup_private = 192.168.1.31
heartbeat = 1
heartbeat_port = 539
keepalive = 6
deadtime = 18
network = direct
nat_nmask = 255.255.255.0
debug_level = NONE
monitor_links = 0
syncdaemon = 0
virtual HTTP {
      active = 1
      address = 192.168.1.174 eth0:1
      vip_nmask = 255.255.255.0
      port = 80
      send = "GET / HTTP/1.0\r\n\r\n"
      expect = "HTTP"
      use_regex = 0
      load_monitor = none
      scheduler = wlc
      protocol = tcp
      timeout = 60
      reentry = 15
      quiesce_server = 1
      server APACHE1 {
          address = 192.168.1.153
          active = 1
          weight = 1
      }
}



*apache real server networking (eth0:2 is the VIP):*

eth0      Link encap:Ethernet  HWaddr 00:50:56:A1:36:11
           inet addr:192.168.1.153  Bcast:192.168.1.255  Mask:255.255.255.0
           inet6 addr: fe80::250:56ff:fea1:3611/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:353659 errors:0 dropped:0 overruns:0 frame:0
           TX packets:250796 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:65427023 (62.3 MiB)  TX bytes:211251658 (201.4 MiB)

eth0:1    Link encap:Ethernet  HWaddr 00:50:56:A1:36:11
           inet addr:192.168.1.175  Bcast:192.168.1.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:2    Link encap:Ethernet  HWaddr 00:50:56:A1:36:11
           inet addr:192.168.1.174  Bcast:192.168.1.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1


On 3/30/2010 5:40 PM, Anoop Bhat wrote:
> I'm assuming you're using arptables_jf?
>
> Is that set up correctly?
>
> Can you provide the arptables -L output from the real server and the snippet 
> from lvs.cf that applies?
>
>
> Anoop Bhat
>
>
> ________________________________
> From: James Chase<james@xxxxxxxxxxxxxxxxxxx>
> Reply-To: "LinuxVirtualServer.org users mailing 
> list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
> Date: Tue, 30 Mar 2010 16:35:32 -0500
> To:<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
> Subject: Re: [lvs-users] CentOS 5 apache real servers don't respond
>
> For now I am just trying to get a simple html page to load. I am
> listening on all IPs and I did restart apache after adding the Virtual
> IP to my apache real server just to make sure it was listening on that
> IP now as well.
>
> I am using a virtual server setup (many sites on one IP) in apache, if
> it matters.
>
> Anyone have any thoughts about my direct routing concerns and the setup
> for that?
>
> On 3/30/2010 5:11 PM, Anoop Bhat wrote:
>    
>> I also had this issue at one point in time.
>>
>> Are you trying to do SSL virtual servers?
>>
>> I thought I fixed my issue by ensuring that the real apache servers were 
>> listening on all IP addresses on port 80/443.
>>
>> Anoop Bhat
>> Systems Administrator
>> Trustwave
>> 70 W. Madison
>> Chicago, IL, 60602
>> O: 312.873.7446
>> C: 312.925.3271
>>
>>
>>
>> ________________________________
>> From: James Chase<james@xxxxxxxxxxxxxxxxxxx>
>> Reply-To: "LinuxVirtualServer.org users mailing 
>> list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
>> Date: Tue, 30 Mar 2010 16:03:57 -0500
>> To:<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
>> Subject: [lvs-users] CentOS 5 apache real servers don't respond
>>
>> I am trying to set up LVS on CentOS 5.4 using piranha/pulse. Ideally (I
>> think) I would like to do direct routing so that I can still have my
>> real servers (apache machines) able to connect directly to the internet.
>>
>> However, I'm not able to get the apache servers to respond correctly to
>> the Virtual IP requests. From tcpdump it seems like the requests are
>> being forwarded to the real server from the LVS but I don't get the page
>> returned to me in my browser, and I don't see the request being sent out
>> in tcpdump on the apache real server. I believe I have the virtual IP
>> set up correctly on the real server.
>>
>> As a caveat though, if the real server responds and the apache server
>> response goes out on its external IP (which would be different than the
>> Virtual IP) -- isn't my firewall going to block that connection since it
>> is not the IP of the connection I originally tried to establish?
>>
>> I also tried NAT briefly but was not able to get a connection there
>> either. Is NAT the suggested way of doing this? It seems like indirect
>> routing would be inconvenient/difficult if you had many virtual servers
>> on the real apache servers and multiple SSL sites running as well.
>>
>> Thanks,
>> James
>>
>>
>> _______________________________________________
>> Please read the documentation before posting - it's available at:
>> http://www.linuxvirtualserver.org/
>>
>> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>
>>
>>      
>
>
>
>    
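
Added example, not part of the original thread: a Python cross-check of an `arptables -L` listing against lvs.cf, assuming the usual arptables_jf direct-routing arrangement on a real server (an IN rule dropping ARP for the VIP and an OUT mangle rule rewriting the ARP source to the real server's own address). The function names and the trimmed sample strings are constructed for illustration.

```python
import re
# Constructed inputs: trimmed copies of the lvs.cf and arptables -L text in this thread.
LVS_CF = """
virtual HTTP {
      address = 192.168.1.174 eth0:1
      server APACHE1 {
          address = 192.168.1.153
      }
}
"""
ARPTABLES = """
Chain IN (policy ACCEPT)
target     source-ip   destination-ip   source-hw   destination-hw   hlen op hrd pro
DROP       anywhere    192.168.1.174    anywhere    anywhere         any  any any any
Chain OUT (policy ACCEPT)
mangle     anywhere    192.168.1.174    anywhere    anywhere         any  any any any --mangle-ip-s 192.168.1.153
"""

def parse_lvs_cf(text):
    """Map each virtual service to (VIP, [real server addresses]).
    Assumes the layout shown in the thread: VIP address first, closing brace in column 0."""
    services = {}
    for name, body in re.findall(r"virtual\s+(\S+)\s*\{(.*?)\n\}", text, re.S):
        ips = re.findall(r"address\s*=\s*(\S+)", body)  # skips the "eth0:1" device suffix
        if ips:
            services[name] = (ips[0], ips[1:])
    return services

def parse_arptables(text):
    """Return (chain, target, destination-ip, mangle source or None) for each rule."""
    rules, chain = [], None
    for line in text.splitlines():
        fields = line.split()
        if line.startswith("Chain "):
            chain = fields[1]
        elif chain and len(fields) >= 3 and fields[0] != "target":
            m = re.search(r"--mangle-ip-s\s+(\S+)", line)
            rules.append((chain, fields[0], fields[2], m.group(1) if m else None))
    return rules

def check_real_server(lvs_cf, arptables, rip):
    """List mismatches between lvs.cf and the ARP rules found on real server `rip`."""
    rules, problems = parse_arptables(arptables), []
    for name, (vip, reals) in parse_lvs_cf(lvs_cf).items():
        if rip not in reals:
            problems.append(f"{name}: {rip} is not listed as a real server")
        if ("IN", "DROP", vip, None) not in rules:
            problems.append(f"{name}: no IN rule dropping ARP for {vip}")
        if not any(c == "OUT" and t == "mangle" and s == rip for c, t, _, s in rules):
            problems.append(f"{name}: no OUT mangle rule rewriting ARP source to {rip}")
    return problems
```

`check_real_server(LVS_CF, ARPTABLES, "192.168.1.153")` returns an empty list for the values posted here, so the addresses in the real server's ARP rules agree with the VIP and real server address in lvs.cf.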
