[lvs-users] LVS with Piranha in NAT Mode

["Frank Kirschner" <frank@xxxxxxxxxxxx>]

Hello,
since one week I can't find out why will my LVS not work. It's a setup only
for testing:

The LVS setup after boot up:

[root@lvs1 ~]# ifconfig
eth0      Link encap:Ethernet  Hardware Adresse 94:0C:6D:84:2B:3F  
          inet Adresse:192.168.130.231  Bcast:192.168.130.255
Maske:255.255.255.0
          inet6 Adresse: fe80::960c:6dff:fe84:2b3f/64
Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1791 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1346 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:1000 
          RX bytes:171782 (167.7 KiB)  TX bytes:225413 (220.1 KiB)

eth0:1    Link encap:Ethernet  Hardware Adresse 94:0C:6D:84:2B:3F  
          inet Adresse:192.168.130.241  Bcast:192.168.130.255
Maske:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  Hardware Adresse 00:11:6B:62:C3:C9  
          inet Adresse:192.168.13.254  Bcast:192.168.13.255
Maske:255.255.255.0
          inet6 Adresse: fe80::211:6bff:fe62:c3c9/64
Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2117 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2075 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:1000 
          RX bytes:1213631 (1.1 MiB)  TX bytes:138309 (135.0 KiB)

lo        Link encap:Lokale Schleife  
          inet Adresse:127.0.0.1  Maske:255.0.0.0
          inet6 Adresse: ::1/128 Gültigkeitsbereich:Maschine
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:0 
          RX bytes:540 (540.0 b)  TX bytes:540 (540.0 b)

========================================================
SELINUX is disabled

========================================================

Firewall:
[root@lvs1 ~]# service iptables status
Tabelle: nat
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

Tabelle: mangle
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination         

Tabelle: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

===================================================
Config:
[root@lvs1 ~]# cat /etc/sysconfig/ha/lvs.cf 
serial_no = 34
primary = 192.168.130.231
service = lvs
backup_active = 0
backup = 0.0.0.0
heartbeat = 1
heartbeat_port = 539
keepalive = 6
deadtime = 18
network = nat
nat_router = 192.168.13.254 eth1
nat_nmask = 255.255.255.0
debug_level = NONE
virtual http_intranet {
     active = 1
     address = 192.168.130.241 eth0:1
     vip_nmask = 255.255.255.0
     port = 80
     send = "GET / HTTP/1.0\r\n\r\n"
     expect = "HTTP"
     use_regex = 0
     load_monitor = none
     scheduler = wlc
     protocol = tcp
     timeout = 6
     reentry = 15
     quiesce_server = 0
     server v_182 {
         address = 192.168.13.182
         active = 1
         weight = 100
     }
}

=======================================================

LVS Routing Table:
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.130.241:80 wlc
-> 192.168.13.182:80 Masq 100 0 0

LVS Processes:
root 1062 0.0 0.0 2408 580 ? Ss 17:16 0:00 pulse
root 1226 0.0 0.0 2400 812 ? Ss 17:16 0:00 /usr/sbin/lvsd --nofork -c
/etc/sysconfig/ha/lvs.cf
root 1230 0.0 0.0 2372 840 ? Ss 17:16 0:00 /usr/sbin/nanny -c -h
192.168.13.182 -p 80 -r 80 -s GET / HTTP/1.0\r\n\r\n -x HTTP -a 15 -I
/sbin/ipvsadm -t 6 -w 100 -V 192.168.130.241 -M m -U none --lvs
root 1360 0.4 0.1 5056 1692 tty1 S+ 17:21 0:01 watch ipvsadm

========================================================
My tests from the LVS host:

[root@lvs1 ~]# telnet 192.168.13.182 80
Trying 192.168.13.182...
Connected to 192.168.13.182.
Escape character is '^]'.
GET / HTTP/1.0\r\n\r\n

HTTP/1.1 403 Forbidden
Date: Tue, 08 Jul 2014 13:35:01 GMT
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Length: 5039
Connection: close
Content-Type: text/html
(.....) This is the CentOS Apache start page
=> the real server is working, tested from the LVS

But this is not working:

[root@lvs1 ~]# telnet 192.168.130.241 80
Trying 192.168.130.241...
telnet: connect to address 192.168.130.241: Connection timed out

The LVS seems not tranfering the traffic to the real server - but I don't
know why.
Can anybody help please?

best regards
Frank
 


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users