
Re: [lvs-users] lvs-users Digest, Vol 89, Issue 3

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [lvs-users] lvs-users Digest, Vol 89, Issue 3
From: Charl Oswald Young <charl@xxxxxxxxxxxxxxxxxx>
Date: Thu, 03 Jun 2010 14:23:07 +0200
lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx wrote:
> ------------------------------------------------------------------------
>
> Today's Topics:
>
>    1. Can't access Load Balancer IP on port 80 from behind the LB
>       (Charl Oswald Young)
>    2. Re:  Can't access Load Balancer IP on port 80 from behind the
>       LB (Joseph Mack NA3T)
>    3. Re:  Can't access Load Balancer IP on port 80 from behind the
>       LB (Graeme Fowler)
>    4. Re:  Can't access Load Balancer IP on port 80 from behind the
>       LB (L.S. Keijser)
>   
>
> ------------------------------------------------------------------------
>
> Subject:
> [lvs-users] Can't access Load Balancer IP on port 80 from behind the LB
> From:
> Charl Oswald Young <charl@xxxxxxxxxxxxxxxxxx>
> Date:
> Wed, 02 Jun 2010 17:24:20 +0200
> To:
> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>
>
> Hi,
>
> My setup is as follows: I have a firewall which runs LVS and when port 
> 80 traffic hits the Load Balancer (LB) IP it distributes to my two web 
> servers (10.0.0.10 and 10.0.0.20) - pretty regular setup I assume.
>
> Now the problem I'm having is when trying to call a URL (for which the 
> domain points to my LB IP) from behind the LB the request times out. 
> Please note that I didn't set up this infrastructure, but inherited it 
> and my knowledge of LVS is little.
>
> My LVS IP Table rules are:
>
> iptables -t raw -I PREROUTING -d 41.203.2.222 -p tcp --dport 80 -j NOTRACK
> iptables -t filter -I INPUT -d 41.203.2.222 -p tcp --dport 80 -j ACCEPT
> iptables -t filter -I OUTPUT -s 41.203.2.222 -p tcp --sport 80 -j ACCEPT
> iptables -t filter -I FORWARD -d 10.0.0.10/32 -p tcp --dport 80 -j ACCEPT
> iptables -t filter -I FORWARD -d 10.0.0.20/32 -p tcp --dport 80 -j ACCEPT
> iptables -t filter -I FORWARD -s 10.0.0.10/32 -p tcp --sport 80 -j ACCEPT
> iptables -t filter -I FORWARD -s 10.0.0.20/32 -p tcp --sport 80 -j ACCEPT
>
> My ldirectord.cf looks like:
>
> checktimeout=3
> checkinterval=1
> autoreload=yes
> quiescent=yes
>
> virtual=41.203.2.222:80
>        protocol=tcp
>        real=10.0.0.10:80 masq
>        real=10.0.0.20:80 masq
>        scheduler=lc
>        service=http
>
> Given the fact that `telnet 41.203.2.222 80` times out (only) from 
> behind the LB I'm almost certain this is a routing issue, but I allow 
> free flow of port 80 traffic in both directions in my Firehol config. 
> ANY ideas or pointers on how to solve this would be greatly appreciated.
>
> Thanks,
> Charl
>
>
>
> ------------------------------------------------------------------------
>
> Subject:
> Re: [lvs-users] Can't access Load Balancer IP on port 80 from behind 
> the LB
> From:
> Joseph Mack NA3T <jmack@xxxxxxxx>
> Date:
> Wed, 2 Jun 2010 09:01:41 -0700 (PDT)
> To:
> "LinuxVirtualServer.org users mailing list." 
> <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
>
>
> On Wed, 2 Jun 2010, Charl Oswald Young wrote:
>
>> Now the problem I'm having is when trying to call a URL (for which the
>> domain points to my LB IP) from behind the LB the request times out.
>
> read the HOWTO about clients on realservers
>
> Joe
>
>
> ------------------------------------------------------------------------
>
> Subject:
> Re: [lvs-users] Can't access Load Balancer IP on port 80 from behind 
> the LB
> From:
> Graeme Fowler <graeme@xxxxxxxxxxx>
> Date:
> Wed, 02 Jun 2010 20:12:12 +0100
> To:
> "LinuxVirtualServer.org users mailing list." 
> <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
>
>
> On Wed, 2010-06-02 at 09:01 -0700, Joseph Mack NA3T wrote:
>   
>> read the HOWTO about clients on realservers
>>     
>
> To flesh out Joe's comment, the short answer is: you can't.
>
> The longer answer is: you *might* be able to, but there is no guarantee
> that it will work at all. If it does, there's no guarantee it will
> continue to work.
>
> Feel free to read through the thread in the HOWTO that Joe mentioned and
> you'll get a handle on why it doesn't generally work.
>
> Graeme
>
>
>
>   
>
> ------------------------------------------------------------------------
>
> Subject:
> Re: [lvs-users] Can't access Load Balancer IP on port 80 from behind 
> the LB
> From:
> "L.S. Keijser" <leon@xxxxxxxx>
> Date:
> Thu, 03 Jun 2010 08:22:23 +0200
> To:
> "LinuxVirtualServer.org users mailing list." 
> <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
>
>
> On Wed, 2010-06-02 at 20:12 +0100, Graeme Fowler wrote:
>   
>> On Wed, 2010-06-02 at 09:01 -0700, Joseph Mack NA3T wrote:
>>     
>>> read the HOWTO about clients on realservers
>>>       
>> To flesh out Joe's comment, the short answer is: you can't.
>>
>> The longer answer is: you *might* be able to, but there is no guarantee
>> that it will work at all. If it does, there's no guarantee it will
>> continue to work.
>>
>> Feel free to read through the thread in the HOWTO that Joe mentioned and
>> you'll get a handle on why it doesn't generally work.
>>     
>
>
> If you don't have too many sites (apache vhosts) configured, you can add
> them to /etc/hosts on the realserver as the RIP or 127.0.0.1. That way a
> wget/curl/whatever started on the realserver will not go through the
> director. 
>
>
> Léon
>
>
>
>   
> ------------------------------------------------------------------------
>
Thanks Léon!

Awesome workaround - should have thought of this myself :)

Cheers,
Charl
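
The /etc/hosts workaround from Léon's reply, written out as a script. This is an added example, not code posted in the thread; the function names `lookup_addr` and `pin_vhosts` and the vhost names are constructed for illustration, and the demo runs against a scratch file rather than the real /etc/hosts.

```shell
#!/bin/sh
# Added example: pin vhost names to a local address in a hosts file, so that
# clients started on the realserver connect locally and bypass the director.
# Function names and the vhost names in the demo are constructed.

# lookup_addr FILE NAME: print the first address FILE maps NAME to, if any.
lookup_addr() {
    awk -v name="$2" '
        { sub(/#.*/, "") }    # ignore comments
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(name)) { print $1; exit } }
    ' "$1"
}

# pin_vhosts FILE ADDR NAME...: append "ADDR NAME" for each NAME not yet listed.
# Names already mapped to another address are left alone and make it return 1.
pin_vhosts() {
    file=$1; addr=$2; shift 2
    rc=0
    # Repair a missing final newline so the append cannot merge into the last entry.
    if [ -n "$(tail -c 1 "$file")" ]; then echo >> "$file"; fi
    for name in "$@"; do
        current=$(lookup_addr "$file" "$name")
        if [ -z "$current" ]; then
            printf '%s\t%s\n' "$addr" "$name" >> "$file"
            echo "added:    $name -> $addr"
        elif [ "$current" = "$addr" ]; then
            echo "ok:       $name -> $addr"
        else
            echo "conflict: $name already maps to $current" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Demo on a scratch file (constructed sample); on a realserver FILE is /etc/hosts.
demo=$(mktemp)
printf '127.0.0.1 localhost\n10.0.0.10 web1' > "$demo"   # no trailing newline
pin_vhosts "$demo" 127.0.0.1 www.example.test shop.example.test
cat "$demo"
rm -f "$demo"
```

Requests resolved this way never reach the director, so a successful fetch from the realserver says nothing about whether the virtual service on the LB IP is reachable.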

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
