
Re: [lvs-users] LVS and Nat question

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] LVS and Nat question
Cc: gary.gardner@xxxxxxxxxxxxxxxxxx
From: gary.gardner@xxxxxxxxxxxxxxxxxx
Date: Thu, 25 Oct 2012 23:03:11 -0600
>
> On 10/23/12 9:12 PM, gary.gardner@xxxxxxxxxxxxxxxxxx wrote:
>> I thought with the DR that the backend web servers had to have real IP's
>> so they could get out to the Internet?  I had tried that and that didn't
>> seem to work, but maybe it's just me.
> Depends how your network is configured. If your real IP is 10.1.1.1 and
> your internal range is 192.168.1.0/24, then your traffic to the real
> servers will be entirely on 10.1.1.1 so as long as you're not doing any
> NAT of that traffic you should be okay.
>
> What about using the real IP didn't work? Where did the packets end up?
>>
>> So the VIP should be a 192.x.x.x, yes even for the DR?  Is my
>> configuration just fubar'd?
> The VIP for DR is your external IP.
>
> It would be helpful if you slimmed down your config to one real server
> and maybe ran tcpdump on it so you can see if traffic is even making it
> to the backend.
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>

I think I am really dense or something because I cannot get this to work. 
Having said that, here is my configuration for doing Direct instead of NAT
since it was suggested.

The VIP is an external IP that I can ping.  The real web servers are on a
192.168.0.xxx subnet.  The VIP machine has eth1 that is on the
192.168.0.xxx subnet and I can see the pulse getting to those servers. 
What I cannot get is anything responding on 80.  It's as if the firewall
isn't letting traffic in or nothing is listening on 80.

So, if possible, tell me what to look for and what to check.  Thanks

cat /etc/sysconfig/ha/lvs.cf
serial_no = 15
primary = 98.190.148.186
service = lvs
network = direct
debug_level = NONE
virtual www {
     active = 1
     address = 98.190.148.186 eth0:1
     vip_nmask = 255.255.255.255
     port = 80
     send = "GET / HTTP/1.0\r\n\r\n"
     expect = "HTTP"
     use_regex = 0
     load_monitor = none
     scheduler = wlc
     protocol = tcp
     timeout = 6
     reentry = 15
     quiesce_server = 1
     server web1 {
         address = 192.168.0.201
         active = 1
         weight = 1
     }
     server web2 {
         address = 192.168.0.202
         active = 1
         weight = 1
     }
}

iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:nfs
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:servistaitsm
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:apertus-ldp
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
link-local      *               255.255.0.0     U     1002   0        0 eth0
link-local      *               255.255.0.0     U     1003   0        0 eth1
98.0.0.0        *               255.0.0.0       U     0      0        0 eth0
default         wsip-98-190-148 0.0.0.0         UG    0      0        0 eth0

cat /etc/hosts
98.190.148.186  local   hiro.crowdness.net              hiro
#Virtual Web Servers
192.168.0.201   remote  web1
192.168.0.202   remote  web2

telnet crowdness.net 80
Trying 98.190.148.186...
telnet: connect to address 98.190.148.186: Operation timed out
telnet: Unable to connect to remote host

On the web servers:

192.168.0.8 - - [25/Oct/2012:21:56:46 -0700] "GET / HTTP/1.0" 200 35 "-" "-"
192.168.0.8 - - [25/Oct/2012:21:56:52 -0700] "GET / HTTP/1.0" 200 35 "-" "-"
192.168.0.8 - - [25/Oct/2012:21:56:58 -0700] "GET / HTTP/1.0" 200 35 "-" "-"
192.168.0.8 - - [25/Oct/2012:21:57:04 -0700] "GET / HTTP/1.0" 200 35 "-" "-"
192.168.0.8 - - [25/Oct/2012:21:57:10 -0700] "GET / HTTP/1.0" 200 35 "-" "-"
