lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx wrote:
> Today's Topics:
>
> 1. Can't access Load Balancer IP on port 80 from behind the LB
> (Charl Oswald Young)
> 2. Re: Can't access Load Balancer IP on port 80 from behind the
> LB (Joseph Mack NA3T)
> 3. Re: Can't access Load Balancer IP on port 80 from behind the
> LB (Graeme Fowler)
> 4. Re: Can't access Load Balancer IP on port 80 from behind the
> LB (L.S. Keijser)
>
>
> ------------------------------------------------------------------------
>
> Subject:
> [lvs-users] Can't access Load Balancer IP on port 80 from behind the LB
> From:
> Charl Oswald Young <charl@xxxxxxxxxxxxxxxxxx>
> Date:
> Wed, 02 Jun 2010 17:24:20 +0200
> To:
> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>
>
> Hi,
>
> My setup is as follows: I have a firewall which runs LVS and when port
> 80 traffic hits the Load Balancer (LB) IP it distributes to my two web
> servers (10.0.0.10 and 10.0.0.20) - pretty regular setup I assume.
>
> Now the problem I'm having is when trying to call a URL (for which the
> domain points to my LB IP) from behind the LB the request times out.
> Please note that I didn't set up this infrastructure, but inherited it
> and my knowledge of LVS is little.
>
> My LVS IP Table rules are:
>
> iptables -t raw -I PREROUTING -d 41.203.2.222 -p tcp --dport 80 -j NOTRACK
> iptables -t filter -I INPUT -d 41.203.2.222 -p tcp --dport 80 -j ACCEPT
> iptables -t filter -I OUTPUT -s 41.203.2.222 -p tcp --sport 80 -j ACCEPT
> iptables -t filter -I FORWARD -d 10.0.0.10/32 -p tcp --dport 80 -j ACCEPT
> iptables -t filter -I FORWARD -d 10.0.0.20/32 -p tcp --dport 80 -j ACCEPT
> iptables -t filter -I FORWARD -s 10.0.0.10/32 -p tcp --sport 80 -j ACCEPT
> iptables -t filter -I FORWARD -s 10.0.0.20/32 -p tcp --sport 80 -j ACCEPT
>
> My ldirectord.cf looks like:
>
> checktimeout=3
> checkinterval=1
> autoreload=yes
> quiescent=yes
>
> virtual=41.203.2.222:80
> protocol=tcp
> real=10.0.0.10:80 masq
> real=10.0.0.20:80 masq
> scheduler=lc
> service=http
>
> Given the fact that `telnet 41.203.2.222 80` times out (only) from
> behind the LB I'm almost certain this is a routing issue, but I allow
> free flow of port 80 traffic in both directions in my Firehol config.
> ANY ideas or pointers on how to solve this would be greatly appreciated.
>
> Thanks,
> Charl
>
>
>
> ------------------------------------------------------------------------
>
> Subject:
> Re: [lvs-users] Can't access Load Balancer IP on port 80 from behind
> the LB
> From:
> Joseph Mack NA3T <jmack@xxxxxxxx>
> Date:
> Wed, 2 Jun 2010 09:01:41 -0700 (PDT)
> To:
> "LinuxVirtualServer.org users mailing list."
> <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
>
>
> On Wed, 2 Jun 2010, Charl Oswald Young wrote:
>
>> Now the problem I'm having is when trying to call a URL (for which the
>> domain points to my LB IP) from behind the LB the request times out.
>
> read the HOWTO about clients on realservers
>
> Joe
>
>
> ------------------------------------------------------------------------
>
> Subject:
> Re: [lvs-users] Can't access Load Balancer IP on port 80 from behind
> the LB
> From:
> Graeme Fowler <graeme@xxxxxxxxxxx>
> Date:
> Wed, 02 Jun 2010 20:12:12 +0100
> To:
> "LinuxVirtualServer.org users mailing list."
> <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
>
>
> On Wed, 2010-06-02 at 09:01 -0700, Joseph Mack NA3T wrote:
>
>> read the HOWTO about clients on realservers
>>
>
> To flesh out Joe's comment, the short answer is: you can't.
>
> The longer answer is: you *might* be able to, but there is no guarantee
> that it will work at all. If it does, there's no guarantee it will
> continue to work.
>
> Feel free to read through the thread in the HOWTO that Joe mentioned and
> you'll get a handle on why it doesn't generally work.
>
> Graeme
>
>
>
>
>
> ------------------------------------------------------------------------
>
> Subject:
> Re: [lvs-users] Can't access Load Balancer IP on port 80 from behind
> the LB
> From:
> "L.S. Keijser" <leon@xxxxxxxx>
> Date:
> Thu, 03 Jun 2010 08:22:23 +0200
> To:
> "LinuxVirtualServer.org users mailing list."
> <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
>
>
> On Wed, 2010-06-02 at 20:12 +0100, Graeme Fowler wrote:
>
>> On Wed, 2010-06-02 at 09:01 -0700, Joseph Mack NA3T wrote:
>>
>>> read the HOWTO about clients on realservers
>>>
>> To flesh out Joe's comment, the short answer is: you can't.
>>
>> The longer answer is: you *might* be able to, but there is no guarantee
>> that it will work at all. If it does, there's no guarantee it will
>> continue to work.
>>
>> Feel free to read through the thread in the HOWTO that Joe mentioned and
>> you'll get a handle on why it doesn't generally work.
>>
>
>
> If you don't have too many sites (apache vhosts) configured, you can add
> them to /etc/hosts on the realserver as the RIP or 127.0.0.1. That way a
> wget/curl/whatever started on the realserver will not go through the
> director.
>
>
> Léon
>
>
>
>
Thanks Léon!
Awesome workaround - should have thought of this myself :)
Cheers,
Charl
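
The /etc/hosts workaround Léon describes, as an added example that is not part of the thread or of the LVS project: an idempotent helper that pins vhost names to the RIP (or 127.0.0.1) on a realserver. The function names, the marker comments and the `example.test` hostnames are assumptions made for illustration; the addresses are the ones from Charl's post.

```shell
#!/bin/sh
# Added example: pin vhost names to a local address on a realserver.
# Hostnames under example.test are constructed; 10.0.0.10 and 41.203.2.222
# are the RIP and VIP quoted in the thread.

MARK_BEGIN='# BEGIN lvs-local-vhosts'
MARK_END='# END lvs-local-vhosts'

# pin_vhosts HOSTS_FILE TARGET_IP NAME...
# Writes a marked block at the top of HOSTS_FILE so its entries are listed
# before any older line for the same name; re-running replaces the block.
pin_vhosts() {
    hosts_file=$1; target_ip=$2; shift 2
    tmp=$(mktemp) || return 1
    {
        echo "$MARK_BEGIN"
        for name in "$@"; do printf '%s\t%s\n' "$target_ip" "$name"; done
        echo "$MARK_END"
        # Copy the rest of the file, minus any block left by a previous run.
        sed "/^$MARK_BEGIN\$/,/^$MARK_END\$/d" "$hosts_file"
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$hosts_file"   # overwrite in place: keeps owner and mode
    rm -f "$tmp"
}

# resolve_in HOSTS_FILE NAME: first address the file lists for NAME.
resolve_in() {
    awk -v n="$2" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }' "$1"
}

# Demo on a scratch file (constructed contents), never on /etc/hosts itself.
demo=$(mktemp)
printf '127.0.0.1\tlocalhost\n41.203.2.222\twww.example.test\n' > "$demo"
pin_vhosts "$demo" 10.0.0.10 www.example.test shop.example.test
echo "www.example.test -> $(resolve_in "$demo" www.example.test)"
rm -f "$demo"
```

Requests made through these entries reach the local web server directly, so they do not exercise the director or the VIP path.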
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users