|
Dear LVS Users,
First of all, thank you for the excellent product
I am a bit stuck. I would apreciate some of you experts have a look at this.
I have 2 machines (they are in different datacenters):
############# SETUP ############################################
Both machines use:
RHEL6 x64 2.6.32-131.0.15.el6.x86_64
iptables v1.4.7
IP Virtual Server version 1.2.1 (size=4096)
MACHINE 1
1.1.1.1 (eth0)
1.1.1.3 secondary ip (ip addr add 1.1.1.3 dev eth0)
MACHINE 2
2.2.2.2 (eth0)
2.2.2.3 secondary ip (ip addr add 2.2.2.3 dev eth0)
############# PURPOSE ###########################################
I am trying to have ip 1.1.1.3 accessible on MACHINE 2 (in its simplest
explanation)
############# COMMANDS ##########################################
On MACHINE 1, I run:
iptables -F
iptables -F -t mangle
iptables -A INPUT -p tcp -j ACCEPT
iptables -A INPUT -p udp -j ACCEPT
iptables -t mangle -A PREROUTING -i eth0 -p tcp -d 1.1.1.3 -m state ! --state
ESTABLISHED -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth0 -p udp -d 1.1.1.3 -m state ! --state
ESTABLISHED -j MARK --set-mark 1
ipvsadm -C
ipvsadm -A -f 1 -s rr
ipvsadm -a -f 1 -r 2.2.2.2 -i
On MACHINE 2, I run:
service iptables stop
modprobe ipip
ip addr add 1.1.1.3/32 dev tunl0
ip link set tunl0 up arp off
nc -l -v -D 23
############# LOGS ################################################
On MACHINE 1:
tcpdump -lnnn host 2.2.2.2
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
05:41:35.367295 IP 1.1.1.1 > 2.2.2.2: IP cl.ie.nt.IP.53178 > 1.1.1.3.23: Flags
[S], seq 64858347, win 8192, options [mss 1400,nop,wscale 8,nop,nop,sackOK],
length 0 (ipip-proto-4)
05:41:38.369261 IP 1.1.1.1 > 2.2.2.2: IP cl.ie.nt.IP.53178 > 1.1.1.3.23: Flags
[S], seq 64858347, win 8192, options [mss 1400,nop,wscale 8,nop,nop,sackOK],
length 0 (ipip-proto-4)
05:41:44.374032 IP 1.1.1.1 > 2.2.2.2: IP cl.ie.nt.IP.53178 > 1.1.1.3.23: Flags
[S], seq 64858347, win 8192, options [mss 1400,nop,nop,sackOK], length 0
(ipip-proto-4)
ipvsadm -L -n --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
FWM 1 5 13 0 760 0
-> 2.2.2.2:0 5 13 0 760 0
On MACHINE 2:
tcpdump -lnnn -i tunl0 host cl.ie.nt.IP
listening on tunl0, link-type RAW (Raw IP), capture size 65535 bytes
05:32:15.694994 IP cl.ie.nt.IP.52809 > 1.1.1.3.23: Flags [S], seq 4020678079,
win 8192, options [mss 1400,nop,wscale 8,nop,nop,sackOK], length 0
05:32:18.703968 IP cl.ie.nt.IP.52809 > 1.1.1.3.23: Flags [S], seq 4020678079,
win 8192, options [mss 1400,nop,wscale 8,nop,nop,sackOK], length 0
05:32:24.710999 IP cl.ie.nt.IP.52809 > 1.1.1.3.23: Flags [S], seq 4020678079,
win 8192, options [mss 1400,nop,nop,sackOK], length 0
tcpdump -lnnn -i eth0 host 1.1.1.1
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
05:29:48.719022 IP 1.1.1.1 > 2.2.2.2: IP cl.ie.nt.IP.52711 > 1.1.1.3.23: Flags
[S], seq 2945894575, win 8192, options [mss 1400,nop,wscale 8,nop,nop,sackOK],
length 0 (ipip-proto-4)
05:29:51.730887 IP 1.1.1.1 > 2.2.2.2: IP cl.ie.nt.IP.52711 > 1.1.1.3.23: Flags
[S], seq 2945894575, win 8192, options [mss 1400,nop,wscale 8,nop,nop,sackOK],
length 0 (ipip-proto-4)
05:29:57.737162 IP 1.1.1.1 > 2.2.2.2: IP cl.ie.nt.IP.52711 > 1.1.1.3.23: Flags
[S], seq 2945894575, win 8192, options [mss 1400,nop,nop,sackOK], length 0
(ipip-proto-4)
######################################################################
No matter what I do, I am not able to connect to netcat on MACHINE2 when I try:
telnet 1.1.1.3 <enter>
I don't think DC is blocking packets. Doing "traceroute -s 1.1.1.3
some.other.ip" showed that "some.other.ip" indeed saw connections coming from
1.1.1.3
I would be eternally grateful if someone can help.
Jenny
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
