Hi,
My setup is as follows: I have a firewall which runs LVS, and when port
80 traffic hits the Load Balancer (LB) IP, it distributes to my two web
servers (10.0.0.10 and 10.0.0.20) - pretty regular setup I assume.
Now the problem I'm having is when trying to call a URL (for which the
domain points to my LB IP) from behind the LB the request times out.
Please note that I didn't set up this infrastructure, but inherited it,
and my knowledge of LVS is little.
My LVS iptables rules are:
iptables -t raw -I PREROUTING -d 41.203.2.222 -p tcp --dport 80 -j NOTRACK
iptables -t filter -I INPUT -d 41.203.2.222 -p tcp --dport 80 -j ACCEPT
iptables -t filter -I OUTPUT -s 41.203.2.222 -p tcp --sport 80 -j ACCEPT
iptables -t filter -I FORWARD -d 10.0.0.10/32 -p tcp --dport 80 -j ACCEPT
iptables -t filter -I FORWARD -d 10.0.0.20/32 -p tcp --dport 80 -j ACCEPT
iptables -t filter -I FORWARD -s 10.0.0.10/32 -p tcp --sport 80 -j ACCEPT
iptables -t filter -I FORWARD -s 10.0.0.20/32 -p tcp --sport 80 -j ACCEPT
My ldirectord.cf looks like:
checktimeout=3
checkinterval=1
autoreload=yes
quiescent=yes
virtual=41.203.2.222:80
        protocol=tcp
        real=10.0.0.10:80 masq
        real=10.0.0.20:80 masq
        scheduler=lc
        service=http
Given the fact that `telnet 41.203.2.222 80` times out (only) from
behind the LB, I'm almost certain this is a routing issue, but I allow
free flow of port 80 traffic in both directions in my Firehol config.
ANY ideas or pointers on how to solve this would be greatly appreciated.
Thanks,
Charl
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
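The post quotes two pieces of configuration that have to agree with each other: the real-server list in ldirectord.cf and the per-real-server ACCEPT rules on the director. The script below is an added example, not code from the post or from the LVS/ldirectord project. It parses the ldirectord.cf layout used above (unindented global options, a `virtual=` line, indented per-service options) and the quoted `iptables` command lines, then reports a real server that lacks a matching FORWARD rule, a VIP without an INPUT rule, and the reverse case, a FORWARD ACCEPT for a host that is not a real server at all (a stale hole in the firewall). The sample inputs are the post's own configuration, embedded as constants; all function names are my own.

```python
"""Cross-check an ldirectord.cf against the director's iptables rules.

Added example, not code from the original post or the ldirectord project.
"""
import ipaddress
import shlex

# Constructed sample input: the configuration quoted in the post.
LDIRECTORD_CF = """\
checktimeout=3
checkinterval=1
autoreload=yes
quiescent=yes
virtual=41.203.2.222:80
        protocol=tcp
        real=10.0.0.10:80 masq
        real=10.0.0.20:80 masq
        scheduler=lc
        service=http
"""

IPTABLES_CMDS = [
    "iptables -t raw -I PREROUTING -d 41.203.2.222 -p tcp --dport 80 -j NOTRACK",
    "iptables -t filter -I INPUT -d 41.203.2.222 -p tcp --dport 80 -j ACCEPT",
    "iptables -t filter -I OUTPUT -s 41.203.2.222 -p tcp --sport 80 -j ACCEPT",
    "iptables -t filter -I FORWARD -d 10.0.0.10/32 -p tcp --dport 80 -j ACCEPT",
    "iptables -t filter -I FORWARD -d 10.0.0.20/32 -p tcp --dport 80 -j ACCEPT",
    "iptables -t filter -I FORWARD -s 10.0.0.10/32 -p tcp --sport 80 -j ACCEPT",
    "iptables -t filter -I FORWARD -s 10.0.0.20/32 -p tcp --sport 80 -j ACCEPT",
]


def _split_hostport(spec):
    host, _, port = spec.rpartition(":")
    return host, int(port)


def parse_ldirectord(text):
    """Return (global_opts, virtuals). Each virtual is a dict with vip, port,
    protocol, options and a list of (real_ip, real_port, method) tuples."""
    global_opts, virtuals, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()        # drop comments
        if not line.strip():
            continue
        indented = line[0] in " \t"                  # indented = belongs to a virtual
        key, _, value = line.strip().partition("=")
        key, value = key.strip(), value.strip()
        if key == "virtual":
            vip, port = _split_hostport(value)
            current = {"vip": vip, "port": port, "protocol": "tcp",
                       "reals": [], "options": {}}
            virtuals.append(current)
        elif indented and current is not None:
            if key == "real":
                parts = value.split()               # "ip:port method [weight]"
                rip, rport = _split_hostport(parts[0])
                current["reals"].append((rip, rport, parts[1] if len(parts) > 1 else None))
            elif key == "protocol":
                current["protocol"] = value
            else:
                current["options"][key] = value
        else:
            global_opts[key] = value
    return global_opts, virtuals


def _host(spec):
    """A /32 (or bare address) becomes the plain address; wider nets stay as-is."""
    net = ipaddress.ip_network(spec, strict=False)
    return str(net.network_address) if net.prefixlen == net.max_prefixlen else str(net)


def parse_iptables(cmd):
    """Parse one `iptables ...` command line into a dict of its options.
    Only the options used in the post are understood; anything else raises."""
    toks = shlex.split(cmd)
    if not toks or toks[0] != "iptables":
        raise ValueError("not an iptables command: %r" % cmd)
    rule, i = {"table": "filter"}, 1
    while i < len(toks):
        opt, arg = toks[i], (toks[i + 1] if i + 1 < len(toks) else None)
        if opt == "-t":
            rule["table"] = arg
        elif opt in ("-A", "-I"):
            rule["chain"] = arg
            if i + 2 < len(toks) and toks[i + 2].isdigit():   # "-I chain rulenum"
                i += 1
        elif opt == "-s":
            rule["src"] = _host(arg)
        elif opt == "-d":
            rule["dst"] = _host(arg)
        elif opt == "-p":
            rule["proto"] = arg
        elif opt == "--sport":
            rule["sport"] = int(arg)
        elif opt == "--dport":
            rule["dport"] = int(arg)
        elif opt == "-j":
            rule["target"] = arg
        else:
            raise ValueError("unsupported option %r in %r" % (opt, cmd))
        i += 2
    return rule


def check_director(virtuals, rules):
    """Return a list of problem strings; empty means rules and real servers agree."""
    problems, expected = [], set()

    def has(**want):
        return any(all(r.get(k) == v for k, v in want.items()) for r in rules)

    for v in virtuals:
        proto, vip, port = v["protocol"], v["vip"], v["port"]
        if not has(table="filter", chain="INPUT", dst=vip, proto=proto, dport=port, target="ACCEPT"):
            problems.append("VIP %s:%d/%s has no INPUT ACCEPT rule" % (vip, port, proto))
        for rip, rport, _method in v["reals"]:
            expected.add((rip, rport, proto))
            if not has(table="filter", chain="FORWARD", dst=rip, proto=proto, dport=rport, target="ACCEPT"):
                problems.append("real server %s:%d has no FORWARD rule to it" % (rip, rport))
            if not has(table="filter", chain="FORWARD", src=rip, proto=proto, sport=rport, target="ACCEPT"):
                problems.append("real server %s:%d has no FORWARD rule from it" % (rip, rport))
    # Least privilege: a FORWARD ACCEPT for a host that is not a real server is a stale hole.
    for r in rules:
        if (r["table"], r.get("chain"), r.get("target")) != ("filter", "FORWARD", "ACCEPT"):
            continue
        key = (r["dst"], r.get("dport"), r.get("proto")) if "dst" in r else (r.get("src"), r.get("sport"), r.get("proto"))
        if key not in expected:
            problems.append("stale FORWARD ACCEPT rule: %s" % r)
    return problems


def audit(cf_text=LDIRECTORD_CF, cmds=IPTABLES_CMDS):
    _globals, virtuals = parse_ldirectord(cf_text)
    return check_director(virtuals, [parse_iptables(c) for c in cmds])


if __name__ == "__main__":
    for line in audit() or ["OK: firewall rules match the real-server list"]:
        print(line)
```

Run it against the post's configuration and it reports nothing, which is the expected result here: the firewall rules and the real-server list match, so the reported timeout from behind the LB is not a missing per-server rule. The parser deliberately rejects any `iptables` option it does not understand rather than silently ignoring it, so a rule with extra match criteria cannot be misread as a plain ACCEPT.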