carlos at webmail
Apr 22, 2008, 6:19 PM
Post #1 of 2
(365 views)
Permalink
|
|
[lvs-users] VS NAT Director as VS TUN real sever at same time
|
|
Hi...
I am trying to configure VS as balancer director combining NAT and TUN.....
but, I have problems with the NAT and Tunneling over the same box
W.W.W-------------> 66.177.181.12 (eth0)
10.0.0.1(eth1) -----------> Farm (10.0.0.2, 10.0.0.3, 10.0.0.4)
VIP1 NAT (ipvsadm -a -t
66.177.181.12:5050 -r 10.0.0.2:5050 -m -w 100)... (0.3, 0.4)
|
| TUN (ipvsadm -a -t 66.177.181.12:5050 -r 122.231.45.31:5050 -i -w 100)
|
V
122.231.45.31(eth0)
10.0.0.1(eth1) -----------> Farm (10.0.0.2, 10.0.0.3, 10.0.0.4)
VIP2 NAT (ipvsadm -a -t
122.231.45.31:5050 -r 10.0.0.2:5050 -m -w 100)... (0.3, 0.4)
My problem are in VIP2, because, I can see the connections shipped by VIP1,
but the internal round robin (rr -m) not work. I think that the problem is
with the iptables...
I have enable the ports and the IPs, but with the iptable NAT I am not
sure... the next is my iptables script in VIP2
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "1" > /proc/sys/net/ipv4/conf/all/arp_announce
.......
$IPTABLES -t filter -A FORWARD -p TCP --dport 5050 -j ACCEPT (this is enough
to make that works, but that not happend)
....
$IPTABLES -t filter -A INPUT -p TCP --dport
5050 -j ACCEPT
$IPTABLES -t filter -A FORWARD -p TCP --dport 5050 -j
ACCEPT
$IPTABLES -t nat -A PREROUTING -p TCP -d 66.177.181.12 --dport 5050 -j
DNAT --to-destination 122.231.45.31:5050 (I send again the connection to
the VIP of load
balancer (rr) with nating
(-m))
I'll appreciate all the help that any of you could give me.
Thanks
Carlos
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
