I don't have access to that.
I have decided to try NAT, which I also have trouble with.
bond0 - private internal
eth5 - public
internal vip - 192.168.0.199
external vip - 195.b.c.21
The lb has two interfaces set: one private, including a floating ip, and
one public, with a floating ip.
My keepalived file:
global_defs {
    lvs_id lvs_shopto
    notification_email {
        sharif@xxx
    }
    notification_email_from keepalived@xxxxxxx
    smtp_server smtp.xxx.lan
    smtp_connect_timeout 30
    ! lvs_id is set twice in this block; the last value (lb1) is the one that takes effect
    lvs_id lb1
}
! vrrp_sync_groups make sure that several router instances
! stay together on a failure - a good example of this is
! that the external interface on one router fails and the backup server
! takes over, you want the internal interface on the failed server
! to failover as well, otherwise nothing will work.
! you can have as many vrrp_sync_group blocks as you want.
vrrp_sync_group VG1 {
    group {
        VI_public
        VI_private
    }
}
vrrp_instance VI_public {
    state MASTER
    interface eth5
    lvs_sync_daemon_interface eth5
    virtual_router_id 30
    priority 200
    authentication {
        auth_type PASS
        auth_pass xxx
    }
    ! how often should we vote, in seconds?
    advert_int 1
    smtp_alert
    virtual_ipaddress {
        195.b.c.21/25
    }
}
vrrp_instance VI_private {
    state MASTER
    interface bond0
    # lvs_sync_daemon_interface bond0
    # same VRID as VI_public; a VRID only has to be unique per link, and the two instances are on different interfaces
    virtual_router_id 30
    priority 200
    authentication {
        auth_type PASS
        auth_pass xxx
    }
    virtual_ipaddress {
        192.168.0.199/24
        192.168.0.198/24
    }
    notify_master "/etc/keepalived/up.sh"
    notify_backup "/etc/keepalived/down.sh"
    notify_fault "/etc/keepalived/down.sh"
    smtp_alert
}
# describe virtual web server
virtual_server 192.168.0.199 80 {
    delay_loop 2 # Need to be greater than connect_timeout
    # lb_algo: wrr = weighted round robin, lc = least connections
    lb_algo wrr
    # lb_kind: NAT (replies must route back through the director), DR = direct routing, TUN = tunnelling
    lb_kind NAT
    nat_mask 255.255.255.0
    # persistence_timeout 2
    protocol TCP
    real_server 192.168.0.237 80 {
        TCP_CHECK {
            connect_timeout 1
            # connect_port 80
        }
    }
    real_server 192.168.0.236 80 {
        TCP_CHECK {
            connect_timeout 1
            # connect_port 80
        }
    }
    real_server 192.168.0.235 80 {
        TCP_CHECK {
            connect_timeout 1
            # connect_port 80
        }
    }
}
# describe virtual web server (https)
virtual_server 192.168.0.199 443 {
    delay_loop 2
    # lb_algo: wrr = weighted round robin, lc = least connections
    lb_algo wrr
    # lb_kind: NAT (replies must route back through the director), DR = direct routing, TUN = tunnelling
    lb_kind NAT
    nat_mask 255.255.255.0
    # persistence_timeout 50
    protocol TCP
    real_server 192.168.0.237 443 {
        TCP_CHECK {
            connect_timeout 1
            # connect_port 443
        }
    }
    real_server 192.168.0.236 443 {
        TCP_CHECK {
            connect_timeout 1
            # connect_port 443
        }
    }
    real_server 192.168.0.235 443 {
        TCP_CHECK {
            connect_timeout 1
            # connect_port 443
        }
    }
}
# describe virtual mysql server; the port is rewritten 3306 -> 4041, which only works with lb_kind NAT
virtual_server 192.168.0.198 3306 {
    delay_loop 2
    # lb_algo: wrr = weighted round robin, lc = least connections
    lb_algo wrr
    # lb_kind: NAT (replies must route back through the director), DR = direct routing, TUN = tunnelling
    lb_kind NAT
    nat_mask 255.255.255.0
    # persistence_timeout 50
    protocol TCP
    real_server 192.168.0.239 4041 {
        # note: notify_down runs up.sh here; make sure that is the script intended for the down event
        notify_down "/etc/keepalived/up.sh"
        TCP_CHECK {
            connect_timeout 1
            connect_port 4041
            # bindto 192.168.0.239
        }
    }
}
The NAT rules applied on lb1 (iptables-save output):
# Generated by iptables-save v1.4.8 on Mon Jun 6 12:16:00 2011
*filter
:INPUT ACCEPT [1666:115124]
:FORWARD ACCEPT [17:2688]
:OUTPUT ACCEPT [2555:157312]
-A FORWARD -i bond0 -j ACCEPT
COMMIT
# Completed on Mon Jun 6 12:16:00 2011
# Generated by iptables-save v1.4.8 on Mon Jun 6 12:16:00 2011
*nat
:PREROUTING ACCEPT [126:11381]
:POSTROUTING ACCEPT [631:38140]
:OUTPUT ACCEPT [631:38140]
-A POSTROUTING -o eth5 -j MASQUERADE
COMMIT
# Completed on Mon Jun 6 12:16:00 2011
All realservers have their default gateway pointing to the private floating ip.
I have used an online port scanner and no ports are responding.
On 06/06/11 13:38, Sharif Uddin wrote:
> I don't have access to the public router so I have tried using shorewall
> on the loadbalancer, where I have managed to redirect public ip traffic
> > private ip but I still can't seem to get the load balancing to work.
> maybe I'm missing a certain rule, not sure.
>
> in between the public network and private network I do have a dell
> powerconnect 5448 switch but not sure if it is able to do port
> forwarding or how to, can't find good documentation anywhere
>
> On 06/06/11 12:28, Graeme Fowler wrote:
>> On Fri, 2011-06-03 at 12:17 +0100, Sharif Uddin wrote:
>>> How do I go around so that all the traffic from the public ip gets sent to
>>> the vip? I have tried many different iptables rules, which I applied on lb1,
>>> none of which worked :s
>> Is the "public IP" assigned to a router of some type? If so, you do port
>> redirection on *that* device first such that PUBLIC_IP:80 -> VIP:80
>>
>> Graeme
>>
>>
>> _______________________________________________
>> Please read the documentation before posting - it's available at:
>> http://www.linuxvirtualserver.org/
>>
>> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
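As an added example (not code from this thread or from the keepalived project), the following Python script parses a keepalived.conf of the shape posted above and reports the consistency points a reviewer would check before chasing the network path: a repeated lvs_id in global_defs, two vrrp_instances sharing a virtual_router_id, a real_server port that differs from its virtual_server port (only valid with lb_kind NAT), a notify_down hook whose script name suggests the opposite event, and VRRP floating addresses that no virtual_server listens on. The SAMPLE string is a constructed, cut-down copy of the posted config; 203.0.113.21 is a placeholder for the redacted public VIP, and the severities and messages are this script's own conventions.

```python
"""Minimal keepalived.conf parser plus a consistency linter (added example).
Parsing is line-based: a block opens on a line ending in '{' and closes on a
line that is just '}', which is how keepalived.conf is conventionally laid
out.  '!' and '#' start comments, as in keepalived."""
import re
from os.path import basename

# Constructed sample: a cut-down copy of the config posted in the thread.
# 203.0.113.21 is a placeholder for the redacted public VIP 195.b.c.21.
SAMPLE = """\
global_defs {
  lvs_id lvs_shopto
  lvs_id lb1            ! repeated key, as in the posted file
}
vrrp_instance VI_public {
  interface eth5
  virtual_router_id 30
  virtual_ipaddress {
    203.0.113.21/25
  }
}
vrrp_instance VI_private {
  interface bond0
  virtual_router_id 30
  virtual_ipaddress {
    192.168.0.199/24
    192.168.0.198/24
  }
}
virtual_server 192.168.0.199 80 {
  lb_kind NAT
  real_server 192.168.0.237 80 {
    TCP_CHECK {
      connect_timeout 1
    }
  }
}
virtual_server 192.168.0.198 3306 {
  lb_kind NAT
  real_server 192.168.0.239 4041{
    notify_down "/etc/keepalived/up.sh"
  }
}
"""


def parse(text):
    """Return a tree of {'header': [...], 'stmts': [[...]], 'blocks': [...]}."""
    root = {"header": ["root"], "stmts": [], "blocks": []}
    stack = [root]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"[!#].*", "", raw).strip()   # drop comments
        if not line:
            continue
        if line.endswith("{"):                       # block header (space before '{' optional)
            block = {"header": line[:-1].split(), "stmts": [], "blocks": []}
            stack[-1]["blocks"].append(block)
            stack.append(block)
        elif line == "}":
            if len(stack) == 1:
                raise ValueError(f"line {lineno}: '}}' without an open block")
            stack.pop()
        else:
            stack[-1]["stmts"].append(line.split())
    if len(stack) != 1:
        raise ValueError("unclosed block: " + " ".join(stack[-1]["header"]))
    return root


def blocks(node, name):
    """Child blocks whose first header word is `name`."""
    return [b for b in node["blocks"] if b["header"][0] == name]


def values(node, key):
    """First argument of every statement whose keyword is `key`, unquoted."""
    return [s[1].strip('"') for s in node["stmts"] if s[0] == key and len(s) > 1]


def lint(root):
    """Return a list of (severity, message) findings for a parsed config."""
    out = []
    for g in blocks(root, "global_defs"):
        ids = values(g, "lvs_id")
        if len(ids) > 1:
            out.append(("warn", f"global_defs: lvs_id set {len(ids)} times "
                                f"({', '.join(ids)}); the last one wins"))
    vrid_owner, vrrp_vips = {}, set()
    for vi in blocks(root, "vrrp_instance"):
        name = vi["header"][1]
        iface = (values(vi, "interface") or ["?"])[0]
        for vrid in values(vi, "virtual_router_id"):
            if vrid in vrid_owner:
                other_name, other_iface = vrid_owner[vrid]
                sev = "error" if other_iface == iface else "info"   # VRID must be unique per link
                out.append((sev, f"vrrp_instance {name}: virtual_router_id {vrid} also used "
                                 f"by {other_name} on {other_iface}"))
            else:
                vrid_owner[vrid] = (name, iface)
        for vips in blocks(vi, "virtual_ipaddress"):
            vrrp_vips.update(s[0].split("/")[0] for s in vips["stmts"])
    served = set()
    for vs in blocks(root, "virtual_server"):
        vip, vport = vs["header"][1], vs["header"][2]
        served.add(vip)
        kind = (values(vs, "lb_kind") or ["NAT"])[0]        # keepalived defaults to NAT
        for rs in blocks(vs, "real_server"):
            rip, rport = rs["header"][1], rs["header"][2]
            if rport != vport and kind != "NAT":
                out.append(("error", f"virtual_server {vip}:{vport} -> {rip}:{rport}: "
                                     f"port rewriting needs lb_kind NAT, not {kind}"))
            for script in values(rs, "notify_down"):
                if "down" not in basename(script) and "up" in basename(script):
                    out.append(("warn", f"real_server {rip}:{rport}: notify_down runs "
                                        f"{script}; check the script matches the event"))
    for vip in sorted(vrrp_vips - served):
        out.append(("info", f"VRRP address {vip} has no virtual_server; traffic to it "
                            "ends on the director itself, not on the real servers"))
    return out


if __name__ == "__main__":
    for sev, msg in lint(parse(SAMPLE)):
        print(f"[{sev}] {msg}")
```

Run it as `python3 lint_keepalived.py` to see the four findings for the sample, or call `lint(parse(open("/etc/keepalived/keepalived.conf").read()))` against a real file. The parser deliberately keeps to the one-block-per-line layout; a block opened and closed on a single line is not handled.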