I've searched Google and this mailing list but haven't quite seen the same
configuration and/or setup as mine.

The ldirectord documentation states that port mapping on the same server
where the director resides is not possible other than masq, however it says
"non-fwmark". My setup is using fwmark, however, when trying to port map
from port 80 to another port, the client connection hangs. Here are the
exact details of my setup:

The VIP is on the same box as the director and RIP 172.17.0.16. This setup
works fine when no port mapping is being done, but I need to move the port
to something higher than 1024.

virtual=172.17.0.24:80
        real=172.17.0.16:50000 gate 100
        real=172.17.0.17:50000 gate 100
        service=http
        scheduler=rr
        protocol=tcp
        checktype=connect
        fwmark=100

iptables:

iptables -t mangle -A PREROUTING -d 172.17.0.24/32 ! -i lo -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x64/0xffffffff
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 50000
iptables -t nat -A OUTPUT -o lo -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 50000

Issue:

curl -v 'http://172.17.0.24'
* About to connect() to 172.17.0.24 port 80 (#0)
* Trying 172.17.0.24...

00:41:44.503581 IP 172.17.0.2.46099 > 172.17.0.24.80: Flags [S], seq 1066084928, win 14600, options [mss 1460,sackOK,TS val 2520815062 ecr 0,nop,wscale 7], length 0
00:41:44.503581 IP 172.17.0.2.46099 > 172.17.0.24.80: Flags [S], seq 1066084928, win 14600, options [mss 1460,sackOK,TS val 2520815062 ecr 0,nop,wscale 7], length 0
00:41:44.503658 IP 172.17.0.16.50000 > 172.17.0.2.46099: Flags [S.], seq 824291086, ack 1066084929, win 14480, options [mss 1460,sackOK,TS val 9521949 ecr 2520815062,nop,wscale 7], length 0
00:41:44.503663 IP 172.17.0.16.50000 > 172.17.0.2.46099: Flags [S.], seq 824291086, ack 1066084929, win 14480, options [mss 1460,sackOK,TS val 9521949 ecr 2520815062,nop,wscale 7], length 0

So the problem I'm having is that the source IP is not being translated by
iptables but sent via LVS as the RIP. Is there a kernel option, iptables
option or ipvsadm option that would allow it to change it back to the VIP?
Any help would be very appreciated!
Jacoby
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
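
Added example, not part of the original post: a Python check over the capture above that pairs each SYN with the SYN-ACK acknowledging it and reports when the reply comes from a different ip:port than the one the client connected to, which is the mismatch the post describes. The function names are assumptions of this example, and the sample is the post's capture with wrapped lines rejoined and duplicate lines dropped.

```python
import re

# Constructed sample: the capture from the post, wrapped lines rejoined,
# duplicate lines dropped.
CAPTURE = """\
00:41:44.503581 IP 172.17.0.2.46099 > 172.17.0.24.80: Flags [S], seq 1066084928, win 14600, options [mss 1460,sackOK,TS val 2520815062 ecr 0,nop,wscale 7], length 0
00:41:44.503658 IP 172.17.0.16.50000 > 172.17.0.2.46099: Flags [S.], seq 824291086, ack 1066084929, win 14480, options [mss 1460,sackOK,TS val 9521949 ecr 2520815062,nop,wscale 7], length 0
"""

# Matches the TCP summary part of a `tcpdump -n` text line.
LINE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\], seq (?P<seq>\d+)(?:, ack (?P<ack>\d+))?"
)

def parse(capture):
    """Yield one dict of fields per TCP line found in the capture text."""
    for line in capture.splitlines():
        m = LINE.search(line)
        if m:
            yield m.groupdict()

def mismatched_handshakes(capture):
    """Return (syn_target, synack_source) pairs where the SYN-ACK answering a
    SYN comes from a different ip:port than the client connected to."""
    pending = {}   # (client ip, client port, expected ack) -> SYN target
    findings = []
    for p in parse(capture):
        if p["flags"] == "S":
            key = (p["src"], p["sport"], (int(p["seq"]) + 1) % 2**32)
            pending[key] = f'{p["dst"]}:{p["dport"]}'
        elif p["flags"] == "S." and p["ack"]:
            key = (p["dst"], p["dport"], int(p["ack"]))
            target = pending.get(key)
            source = f'{p["src"]}:{p["sport"]}'
            # Skip duplicates (the same packet seen on two interfaces).
            if target and target != source and (target, source) not in findings:
                findings.append((target, source))
    return findings

if __name__ == "__main__":
    for target, source in mismatched_handshakes(CAPTURE):
        print(f"SYN sent to {target} but SYN-ACK came from {source}")
```

A client's TCP stack matches incoming segments on the full address and port 4-tuple, so a SYN-ACK from 172.17.0.16:50000 does not complete a connection opened to 172.17.0.24:80.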