LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: [lvs-users] LVS-NAT simple (?) setup not working in mysterious way?

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] LVS-NAT simple (?) setup not working in mysterious way?
From: Steve Wray <steve.wray@xxxxxxxxx>
Date: Thu, 20 Sep 2007 12:48:56 +1200
Joseph Mack NA3T wrote:
> On Thu, 20 Sep 2007, Steve Wray wrote:
>
>   
>> I am trying to set up a simple 2-network LVS-NAT to a webserver.
>>
>> So far as I can tell all of my config is by the book.
>>
>> I've stripped it down to one DIP, one RIP.
>>
>> In the end there is intended to be two directors with failover so the config 
>> shows the virtual IP of the interior interface of the director (eth1).
>>     
>
> not by the book. The VIP is on the outside
>   

There are two 'virtual IP addresses'.

One is on the outside, this is 10.10.0.15, this is the actual VIP 
address to which the client connects.

One is on the inside to provide the gateway for the realservers, this is 
192.168.0.254.

I've tried it without this, with just the one director and using its 
internal interface as the gateway for the realserver. This has made no 
difference.


>> This is used as the default route on the realserver.
>>     
>> In the case of the /etc/network/interfaces, this is where I've been setting 
>> up the masquerading. Note that I've tried this with and without iptables 
>> masquerading on the director.
>>     
>
> not by the book. The HOWTO tells you not to use any iptables 
> rules till after you have the LVS running.
>   

Like I said I've tried with and without. Both turn out the same.

>> I am guessing not as most of the LVS-NAT documentation 
>> I've found does indicate configuring iptables rules for 
>> masquerading.
>>     
>
> not in the HOWTO. It's the gold standard on these matters.
>
>   
>> This appears to be such a simple setup that there has to be something very 
>> basic that I'm missing...
>>     
>
> yes,  the setup in the mini-HOWTO
>   
I've been through the mini-HOWTO I don't know how many times.

Its not helping.


Do you think that you could spare a moment to please look at the 
tcpdumps I sent through?

Thanks.




<Prev in Thread] Current Thread [Next in Thread>