Usually for MASQ/NAT mode the real server would be in a different
subnet with the LVS server set as the default gateway.
If you want to do one-arm i.e. same subnet MASQ then the test client
needs to be in a separate subnet OR you need to have special routing
rules on the real (backend) server.
On 21 November 2016 at 18:26, Nick Leli <nicholasleli@xxxxxxxxx> wrote:
> Hi Everyone,
>
> I am trying to learn LVS and have created the setup below (better
> formatting at Server Fault
> http://serverfault.com/questions/816026/lvs-load-balancer-not-getting-response).
> The LVS setup seems correct, but it
> appears that the connections never make it to the real server, even though
> traffic is being sent from the director. I am under the impression that no
> iptables rules are required since the real server is added with
> masquerade. Is this incorrect? I have read through the HOWTO multiple
> times but am not clear on what is needed.
>
> **Director Host**
>
> root@ip-172-31-16-196:/home/ubuntu# cat /proc/sys/net/ipv4/ip_forward
> 1
>
> root@ip-172-31-16-196:/home/ubuntu# ifconfig
> eth0 Link encap:Ethernet HWaddr 06:a0:5b:48:1b:f5
> inet addr:172.31.16.196 Bcast:172.31.31.255 Mask:255.255.240.0
> inet6 addr: fe80::4a0:5bff:fe48:1bf5/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:9001 Metric:1
> RX packets:4211 errors:0 dropped:0 overruns:0 frame:0
> TX packets:3692 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:416625 (416.6 KB) TX bytes:406446 (406.4 KB)
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:65536 Metric:1
> RX packets:173 errors:0 dropped:0 overruns:0 frame:0
> TX packets:173 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1
> RX bytes:12776 (12.7 KB) TX bytes:12776 (12.7 KB)
>
> root@ip-172-31-16-196:/home/ubuntu# ipvsadm -Ln
> IP Virtual Server version 1.2.1 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
> -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> TCP 172.31.16.196:80 rr
> -> 172.31.16.195:80 Masq 1 0 0
>
> root@ip-172-31-16-196:/home/ubuntu# ipvsadm -Ln --stats
> IP Virtual Server version 1.2.1 (size=4096)
> Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
> -> RemoteAddress:Port
> TCP 172.31.16.196:80 23 122 0 6436 0
> -> 172.31.16.195:80 23 122 0 6436 0
>
> root@ip-172-31-16-196:/home/ubuntu# curl 172.31.16.195 -vv
> * Rebuilt URL to: 172.31.16.195/
> * Trying 172.31.16.195...
> * Connected to 172.31.16.195 (172.31.16.195) port 80 (#0)
>> GET / HTTP/1.1
>> Host: 172.31.16.195
>> User-Agent: curl/7.47.0
>> Accept: */*
>>
> * HTTP 1.0, assume close after body
> < HTTP/1.0 200 OK
> < Server: SimpleHTTP/0.6 Python/2.7.12
> < Date: Mon, 21 Nov 2016 04:59:04 GMT
> < Content-type: text/html
> < Content-Length: 26
> < Last-Modified: Mon, 21 Nov 2016 00:58:21 GMT
> <
> From server 172.31.16.195
> * Closing connection 0
>
> # Show the public IP of this host
> root@ip-172-31-16-196:/home/ubuntu# wget http://ipinfo.io/ip -qO -
> 52.15.105.107
>
> **Backend Server**
>
> root@ip-172-31-16-195:/home/ubuntu# netstat -tnlp
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
> tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2444/python
> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1221/sshd
> tcp6 0 0 :::22 :::* LISTEN 1221/sshd
>
> root@ip-172-31-16-195:/home/ubuntu# iptables -L -t nat
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
>
> From Remote Client
>
> # Hitting the public IP
> $ curl -vvv http://52.15.105.107/
> * Trying 52.15.105.107...
> * Connected to 52.15.105.107 (127.0.0.1) port 80 (#0)
>> GET / HTTP/1.1
>> Host: 52.15.105.107
>> User-Agent: curl/7.43.0
>> Accept: */*
>>
> < HTTP/1.1 504 Gateway Time-out
> < Server: ScanSafe
> < Mime-Version: 1.0
> < Date: Mon, 21 Nov 2016 05:40:50 GMT
> < Content-Type: text/html
> < Content-Length: 1664
> < X-ScanSafe-Error: ERR_CONNECT_FAIL 110
> < Keep-Alive: 60
> < Via: HTTP/1.1 proxy10829
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
--
Regards,
Malcolm Turnbull.
Loadbalancer.org Ltd.
Phone: +44 (0)330 380 1064
http://www.loadbalancer.org/
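
An added example, not part of either message above: a Python sketch of the return-path check behind the reply, applied to the addresses in the post. The real server's default gateway (172.31.16.1) and the client addresses are assumptions made for illustration; the post does not show them.

```python
import ipaddress
import re

# Constructed sample: the director's `ipvsadm -Ln --stats` output from the
# post, with the mail-wrapped lines rejoined.
STATS = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
  -> RemoteAddress:Port
TCP  172.31.16.196:80 23 122 0 6436 0
  -> 172.31.16.195:80 23 122 0 6436 0
"""

REAL_ROW = re.compile(r"\s*->\s+(\d+(?:\.\d+){3}):(\d+)\s+(\d+)\s+(\d+)\s+(\d+)")


def one_way_real_servers(stats_text):
    """Real servers that received packets but returned none via the director."""
    stuck = []
    for line in stats_text.splitlines():
        m = REAL_ROW.match(line)
        if m:
            ip, _port, _conns, in_pkts, out_pkts = m.groups()
            if int(in_pkts) > 0 and int(out_pkts) == 0:
                stuck.append(ip)
    return stuck


def reply_next_hop(real_ip, prefix_len, default_gw, client_ip):
    """Next hop the real server uses for its reply to client_ip."""
    net = ipaddress.ip_interface(f"{real_ip}/{prefix_len}").network
    if ipaddress.ip_address(client_ip) in net:
        return "direct"  # on-link client: the reply bypasses any gateway
    return default_gw


def masq_return_ok(director_ip, real_ip, prefix_len, default_gw, client_ip):
    """MASQ works only if the reply passes back through the director."""
    return reply_next_hop(real_ip, prefix_len, default_gw, client_ip) == director_ip


if __name__ == "__main__":
    print("one-way real servers:", one_way_real_servers(STATS))
    cases = [  # (assumed default gateway, assumed client address)
        ("172.31.16.1", "203.0.113.10"),    # gateway is not the director
        ("172.31.16.196", "203.0.113.10"),  # director as default gateway
        ("172.31.16.196", "172.31.16.50"),  # client in the same subnet
    ]
    for gw, client in cases:
        ok = masq_return_ok("172.31.16.196", "172.31.16.195", 20, gw, client)
        print(f"gw={gw} client={client} return via director: {ok}")
```
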