Re: [lvs-users] LVS-NAT setup

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] LVS-NAT setup
From: Vincent Li <vincent.mc.li@xxxxxxxxx>
Date: Mon, 5 Aug 2013 21:36:53 -0700
I think you probably are confused with the iptables match
extension ipvs and ipvs core in kernel as load balancing (LVS). You
don't need to have an iptables rule to make LVS work. The iptables '-m
ipvs' is used when you need to do source address translation (SNAT);
it is used when you don't want to point your real server gateway IP to
the LVS director in LVS NAT mode. You are also using it wrongly;
for example, in my usage I have:

echo 1 > /proc/sys/net/ipv4/vs/conntrack
iptables -t nat -A POSTROUTING -m ipvs --vaddr 10.1.72.169/32 --vport 80 -j SNAT --to-source 10.2.72.139
iptables -t nat -A POSTROUTING -m ipvs --vaddr 10.1.72.169/32 --vport 22 -j SNAT --to-source 10.2.72.139

On Sat, Aug 3, 2013 at 4:41 AM, Prasun Bhattacharjee
<prasunb25@xxxxxxxxx> wrote:
> Dear all,
> I am trying to set up an LVS-NAT load-balancer. I am using three Ubuntu
> instances. Here are the instance details...
> Load-balancer
> Private IP: 192.168.20.44
> Public IP: 10.10.10.167
> Real Server
> Private IP: 192.168.16.10
> Public IP: 10.10.10.221
> Real Server
> Private IP: 192.168.16.11
> Public IP: 10.10.10.225
> Now, I have configured ipvsadm in the following manner...
> root@ubuntutcs:~#
> root@ubuntutcs:~# ipvsadm -A -u 192.168.20.44:4679 -s rr
> root@ubuntutcs:~# ipvsadm -a -u 192.168.20.44:4679 -r 192.168.16.10:4679 -m
> root@ubuntutcs:~# ipvsadm -a -u 192.168.20.44:4679 -r 192.168.16.11:4679 -m
> Set "net.ipv4.ip_forward" to 1 in /etc/sysctl.conf file. Then I have
> configured iptables for NAT.
> root@ubuntutcs:~# iptables -t nat -A PREROUTING -p udp --dport 4679 -m ipvs --vproto udp --vaddr 192.168.20.82 --vport 5683 --vmethod MASQ --vportctl 5683
> root@ubuntutcs:~# iptables -t nat -A POSTROUTING -j MASQUERADE
> With this configuration, I am not able to connect to the real servers. I have used
> "tcpdump" to track packets. Here is a snippet of tcpdump output on the
> load-balancer.
> root@ubuntutcs:~# !tcp
> tcpdump -n -i any port 5683
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
> 14:40:09.113514 IP 10.10.10.226.45048 > 192.168.20.82.5683: UDP, length 39
> 14:40:09.113685 IP 10.10.10.226.45048 > 192.168.16.10.5683: UDP, length 39
> 14:40:23.556608 IP 10.10.10.226.47732 > 192.168.20.82.5683: UDP, length 39
> 14:40:23.556790 IP 10.10.10.226.47732 > 192.168.16.11.5683: UDP, length 39
> It seems that packets are forwarded to the real servers, but they are not
> received by real servers. I have executed "tcpdump" on real servers too,
> but did not get any packets.
> Please advise, do I need to configure the real server?
> Thanks,
> Prasun
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
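
An added example (not part of either message): a shell check that reads `tcpdump -n` output captured on the director and reports whether packets forwarded to the real servers carry the `--to-source` address from the SNAT rules in the reply, or still carry the client address as on both legs of the capture quoted in the question. The real-server address 10.2.72.10, the client addresses and both sample captures are constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `tcpdump -n` lines on stdin.
# usage: snat_report <snat_ip> <real_ip> [<real_ip> ...]
snat_report() {
    snat_ip=$1; shift
    awk -v snat="$snat_ip" -v reals="$*" '
        BEGIN { n = split(reals, r, " "); for (i = 1; i <= n; i++) is_real[r[i]] = 1 }
        $2 == "IP" && $4 == ">" {
            src = $3; dst = $5
            sub(/\.[0-9]+$/, "", src)       # drop source port
            sub(/\.[0-9]+:$/, "", dst)      # drop destination port and colon
            if (!(dst in is_real)) next     # client to virtual address leg
            if (src == snat) { ok++ } else { bad++; seen[src] = 1 }
        }
        END {
            printf "translated=%d untranslated=%d\n", ok, bad
            for (s in seen) printf "untranslated source: %s\n", s
        }'
}

# Exit status 0 only when forwarded packets were seen and all were translated.
snat_ok() {
    snat_report "$@" | grep -q '^translated=[1-9][0-9]* untranslated=0$'
}

# Constructed capture: the forwarded leg still shows the client addresses.
capture_without_snat() { cat <<'EOF'
14:40:09.113514 IP 198.51.100.7.45048 > 10.1.72.169.80: Flags [S], seq 1, win 29200, length 0
14:40:09.113685 IP 198.51.100.7.45048 > 10.2.72.10.80: Flags [S], seq 1, win 29200, length 0
14:40:23.556608 IP 198.51.100.9.47732 > 10.1.72.169.80: Flags [S], seq 7, win 29200, length 0
14:40:23.556790 IP 198.51.100.9.47732 > 10.2.72.10.80: Flags [S], seq 7, win 29200, length 0
EOF
}

# Constructed capture: the forwarded leg is sourced from the SNAT address.
capture_with_snat() { cat <<'EOF'
14:41:09.113514 IP 198.51.100.7.45050 > 10.1.72.169.80: Flags [S], seq 1, win 29200, length 0
14:41:09.113685 IP 10.2.72.139.45050 > 10.2.72.10.80: Flags [S], seq 1, win 29200, length 0
14:41:23.556608 IP 198.51.100.9.47740 > 10.1.72.169.80: Flags [S], seq 7, win 29200, length 0
14:41:23.556790 IP 10.2.72.139.47740 > 10.2.72.10.80: Flags [S], seq 7, win 29200, length 0
EOF
}

capture_without_snat | snat_report 10.2.72.139 10.2.72.10
capture_with_snat | snat_report 10.2.72.139 10.2.72.10
```

On a live director the input would come from a capture such as `tcpdump -n -i any port 80` piped into `snat_report`.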
