Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Linux Virtual Server: Users

[lvs-users] lvs NAT mode - real server to (different) virtual server public IP web requests fail

  

 
Linux Virtual Server users RSS feed   Index | Next | Previous | View Threaded


jeh1965 at gmail

Nov 25, 2009, 8:17 PM

Post #1 of 13 (1739 views)
Permalink
[lvs-users] lvs NAT mode - real server to (different) virtual server public IP web requests fail
Greeting LVS users,

I have an interesting issue I haven't been able to solve, please let
me know if I've missed a documented point. I have a fairly standard
LVS NAT setup for load balancing multiple websites to multiple
servers. But I have an interesting problem where one website needs to
call a web service on another website within the same LVS-NAT cluster
via the virtual server public IP interface. The real server outbound
request won't seem to go "full circle" out to the director and then
back into the other virtual server's public IP.

Consider this setup, where WebApp1 and WebApp2 are two websites on
separate public IP addresses.

WebApp1 WebApp2
---------------------------------------
LVS NAT Director
--------------------------------------
RealSrv1 RealSrv2 RealSrv3


Request comes into WebApp1 Public IP
---> LVS Nat Director
---> NAT RealSrv1
WebApp1 running on RealSrv1 needs to call a web service on WebApp2
(Public IP)

I cannot seem to get RealSrv1 to call the web service of WebApp2. For
that matter even trying to load WebApp2 on lynx on any of the real
servers fails.

I was able to briefly solve this issue by setting up an intermediary
server that is connected to both the private and public networks, and
putting a static route to the public IPs subnet on the RealServers to
communicate through the intermediary. It works for about 10 seconds,
then it dies.

Suggestions?

Thanks,
--
james h

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


jmack at wm7d

Nov 26, 2009, 4:57 AM

Post #2 of 13 (1695 views)
Permalink
Re: [lvs-users] lvs NAT mode - real server to (different) virtual server public IP web requests fail [In reply to]
On Wed, 25 Nov 2009, James H wrote:

> The real server outbound request won't seem to go "full
> circle" out to the director and then back into the other
> virtual server's public IP.

The VIP is local. The request is not going to be load
balanced. Is there a problem with the 2nd request staying on
the same real server?

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


jmack at wm7d

Nov 26, 2009, 5:03 AM

Post #3 of 13 (1695 views)
Permalink
Re: [lvs-users] lvs NAT mode - real server to (different) virtual server public IP web requests fail [In reply to]
On Thu, 26 Nov 2009, Joseph Mack NA3T wrote:

> On Wed, 25 Nov 2009, James H wrote:
>
>> The real server outbound request won't seem to go "full
>> circle" out to the director and then back into the other
>> virtual server's public IP.
>
> The VIP is local. The request is not going to be load
> balanced. Is there a problem with the 2nd request staying on
> the same real server?

Hmm. I'm wrong. With LVS-NAT there's no VIP on the
realserver. If you want the 2nd request to work, you need
the VIP on the realserver, so LVS-DR will work.

Joe
>

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


graeme at graemef

Nov 26, 2009, 5:50 AM

Post #4 of 13 (1697 views)
Permalink
Re: [lvs-users] lvs NAT mode - real server to (different) virtual server public IP web requests fail [In reply to]
On Wed, 2009-11-25 at 20:17 -0800, James H wrote:
> Suggestions?

See the section in the HOWTO on "realservers as clients". It's a
difficult one to solve, and adds extra complexity to the system.

Here's a thought for you, though - why do the internal requests need to
be load balanced? If the service is located on all of the realservers,
can it not just be called locally?

Graeme


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


mehrdad.ziaei at senecac

Nov 26, 2009, 6:47 AM

Post #5 of 13 (1692 views)
Permalink
Re: [lvs-users] lvs NAT mode - real server to (different) virtual server public IP web requests fail [In reply to]
Hi,

I have the exact same problem.

Here is the scenario, I host two different sets of websites within the
same webfarm cluster behind one LVS.
These two sets are isolated from each other and running on two different
sets of real servers.

Websites from the first set need access to a web-service from the 2nd set.
I will not be able to call it locally, and can not point to one specific
real server from
2nd set as it will defeat the high availability in case that specific
node goes down for any reason.

Can we have both LVS-NAT and LVS-DR configuration on the same LVS at
the same time?
To use a live IP as VIP for clients outside of the cluster in the
LVS-NAT configuration
and to use a private IP as VIP for clients inside the cluster in the
LVS-DR configuration
and both use the same set of real servers?

Mehrdad

Graeme Fowler wrote:
> On Wed, 2009-11-25 at 20:17 -0800, James H wrote:
>
>> Suggestions?
>>
>
> See the section in the HOWTO on "realservers as clients". It's a
> difficult one to solve, and adds extra complexity to the system.
>
> Here's a thought for you, though - why do the internal requests need to
> be load balanced? If the service is located on all of the realservers,
> can it not just be called locally?
>
> Graeme
>
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
> Send requests to lvs-users-request [at] LinuxVirtualServer
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


graeme at graemef

Nov 26, 2009, 6:50 AM

Post #6 of 13 (1683 views)
Permalink
Re: [lvs-users] lvs NAT mode - real server to (different) virtual server public IP web requests fail [In reply to]
On Thu, 2009-11-26 at 09:47 -0500, Mehrdad Ziaei wrote:
> Can we have both LVS-NAT and LVS-DR configuration on the same LVS at
> the same time?

Yes.

As I mentioned earlier, have a read of the HOWTO and you'll see some
suggestions (including the above) which get around this problem.

Graeme


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


jmack at wm7d

Nov 26, 2009, 7:19 AM

Post #7 of 13 (1684 views)
Permalink
Re: [lvs-users] lvs NAT mode - real server to (different) virtual server public IP web requests fail [In reply to]
On Thu, 26 Nov 2009, Mehrdad Ziaei wrote:

> Hi,
>
> I have the exact same problem.
>
> Here is the scenario, I host two different sets of
> websites within the same webfarm cluster behind one LVS.
> These two sets are isolated from each other and running on
> two different sets of real servers.

do they have different (sets of) VIPs?

> Websites from the first set need access to a web-service
> from the 2nd set. I will not be able to call it locally,
> and can not point to one specific real server from 2nd set
> as it will defeat the high availability in case that
> specific node goes down for any reason.


Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


mehrdad.ziaei at senecac

Nov 26, 2009, 7:29 AM

Post #8 of 13 (1688 views)
Permalink
Re: [lvs-users] lvs NAT mode - real server to (different) virtual server public IP web requests fail [In reply to]
Joseph Mack NA3T wrote:
> On Thu, 26 Nov 2009, Mehrdad Ziaei wrote:
>
>
>> Hi,
>>
>> I have the exact same problem.
>>
>> Here is the scenario, I host two different sets of
>> websites within the same webfarm cluster behind one LVS.
>> These two sets are isolated from each other and running on
>> two different sets of real servers.
>>
>
> do they have different (sets of) VIPs?
>
The combination of VIP and port are different:

One set includes VIP#1:80 , VIP#2:80, VIP#2:443 (excluding VIP#1:443)
2nd set (web service) is on VIP#1:443

Mehrdad

>
>> Websites from the first set need access to a web-service
>> from the 2nd set. I will not be able to call it locally,
>> and can not point to one specific real server from 2nd set
>> as it will defeat the high availability in case that
>> specific node goes down for any reason.
>>
>
>
> Joe
>
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


jmack at wm7d

Nov 26, 2009, 9:22 AM

Post #9 of 13 (1686 views)
Permalink
Re: [lvs-users] lvs NAT mode - real server to (different) virtual server public IP web requests fail [In reply to]
On Thu, 26 Nov 2009, Mehrdad Ziaei wrote:

> The combination of VIP and port are different:
>
> One set includes VIP#1:80 , VIP#2:80, VIP#2:443 (excluding VIP#1:443)
> 2nd set (web service) is on VIP#1:443

this is a standard 3-tier setup

client -> server-VIP1:80 -> server-VIP1:443

you should be able to route by port number. There's an
example in the 3-tier section of the HOWTO

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


jeh1965 at gmail

Nov 26, 2009, 10:12 AM

Post #10 of 13 (1692 views)
Permalink
Re: [lvs-users] lvs NAT mode - real server to (different) virtual server public IP web requests fail [In reply to]
Hi,

I anticipated this question and should have answered this before it
was asked. In a nutshell, the two websites that need to communicate
with one another are owned by different entities that may not be aware
they are on the same cluster. So website 1 needs to be able to call
website 2 without any knowledge of the underlying infrastructure.

I'd like to back up to one of my original configurations that works -
for just a minute or so! Perhaps there is an ARP issue I need to
resolve in that configuration.

When I said it was a fairly stock setup, well that's not entirely
true. I actually have two private nets connected to the real servers.
192.168.1.x which I call a "management net" that lets me access the
real servers even if LVS routing is off, and 192.168.2.x which handles
the LVS traffic. The default gateway is on the 192.168.2.x (LVS)
router net.

I have a routing tabled defined to 192.168.1.x and a rule that any
traffic originating from the 192.168.1.x interface is routed via
192.168.1.1. ex: (the real server is 192.168.1.104, here are the
if-cfg rules and routes defined)

rule-eth1: from 192.168.1.104 table InternalNet
route-eth1: default table InternalNet via 192.168.1.1

This works fine and is nice to have so that I can run some local
traffic between machines on a private net.

Now, I add this next rule trying to solve the problem of real servers
as clients (assuming xxx.xxx.xxx.xxx/26 is my "live" IP network
range).
route-eth1: xxx.xxx.xxx.xxx/26 via 192.168.1.1 dev eth1

This will direct requests for the VIPs out the 192.168.1.x interface
via 192.168.1.1. That happens to be another simple NAT firewall, whose
public IP is in the same public subnet as the VIPs. When I put this
in, and restart the network on the real server, I CAN use lynx on a
real server to browse a website on the public IP address. The request
goes OUT the 192.168.1.x InternalNet, via 192.168.1.1, NATs out to the
public side and makes the request to the VIP on the LVS director.
Reply presumably comes full circle back out the LVS director, back
through my 192.168.1.1 firewall and into the real server via
192.168.1.104.

But after a minute or so, the connection breaks down and will begin to timeout.

Suggestions?

Thanks,
James

On Thu, Nov 26, 2009 at 5:50 AM, Graeme Fowler <graeme [at] graemef> wrote:
> On Wed, 2009-11-25 at 20:17 -0800, James H wrote:
>> Suggestions?
>
> See the section in the HOWTO on "realservers as clients". It's a
> difficult one to solve, and adds extra complexity to the system.
>
> Here's a thought for you, though - why do the internal requests need to
> be load balanced? If the service is located on all of the realservers,
> can it not just be called locally?
>
> Graeme

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


horms at verge

Nov 27, 2009, 4:15 AM

Post #11 of 13 (1681 views)
Permalink
Re: [lvs-users] lvs NAT mode - real server to (different) virtual server public IP web requests fail [In reply to]
On Thu, Nov 26, 2009 at 10:12:19AM -0800, James H wrote:
> Hi,
>
> I anticipated this question and should have answered this before it
> was asked. In a nutshell, the two websites that need to communicate
> with one another are owned by different entities that may not be aware
> they are on the same cluster. So website 1 needs to be able to call
> website 2 without any knowledge of the underlying infrastructure.
>
> I'd like to back up to one of my original configurations that works -
> for just a minute or so! Perhaps there is an ARP issue I need to
> resolve in that configuration.
>
> When I said it was a fairly stock setup, well that's not entirely
> true. I actually have two private nets connected to the real servers.
> 192.168.1.x which I call a "management net" that lets me access the
> real servers even if LVS routing is off, and 192.168.2.x which handles
> the LVS traffic. The default gateway is on the 192.168.2.x (LVS)
> router net.
>
> I have a routing tabled defined to 192.168.1.x and a rule that any
> traffic originating from the 192.168.1.x interface is routed via
> 192.168.1.1. ex: (the real server is 192.168.1.104, here are the
> if-cfg rules and routes defined)
>
> rule-eth1: from 192.168.1.104 table InternalNet
> route-eth1: default table InternalNet via 192.168.1.1
>
> This works fine and is nice to have so that I can run some local
> traffic between machines on a private net.
>
> Now, I add this next rule trying to solve the problem of real servers
> as clients (assuming xxx.xxx.xxx.xxx/26 is my "live" IP network
> range).
> route-eth1: xxx.xxx.xxx.xxx/26 via 192.168.1.1 dev eth1
>
> This will direct requests for the VIPs out the 192.168.1.x interface
> via 192.168.1.1. That happens to be another simple NAT firewall, whose
> public IP is in the same public subnet as the VIPs. When I put this
> in, and restart the network on the real server, I CAN use lynx on a
> real server to browse a website on the public IP address. The request
> goes OUT the 192.168.1.x InternalNet, via 192.168.1.1, NATs out to the
> public side and makes the request to the VIP on the LVS director.
> Reply presumably comes full circle back out the LVS director, back
> through my 192.168.1.1 firewall and into the real server via
> 192.168.1.104.
>
> But after a minute or so, the connection breaks down and will begin to timeout.
>
> Suggestions?

Here is my thinking:

1) The LVS-NATed connections will have the source IP address of
the machine that made the request. Though in this case
it will be the IP address of 192.168.1.1 in the live range.
2) The live range is routed via 192.168.1.1, not the linux-director.
So return packets from the real-server will go to the wrong place.


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


jeh1965 at gmail

Nov 30, 2009, 11:38 PM

Post #12 of 13 (1562 views)
Permalink
Re: [lvs-users] lvs NAT mode - real server to (different) virtual server public IP web requests fail [In reply to]
What if we used routing tables to route all NEW (not related, not
established) outbound connections to the public/VIPs via the
192.168.1.1 gateway (eg: non-LVS net for round-trip access to the
front end of the LVS director), and use iptables to reply to all
RELATED/ESTABLISHED connections on the interface by which they
arrived?

I'm not great at iptables/iproute2, can someone comment on these rules
or tell me if I've missed something:

InternalNet IP: 192.168.1.104
LVS-NAT IP: 192.168.2.104
Network/Default Route: 192.168.2.100 (LVS Director)

ifcfg ip routes:
default table InternalNet via 192.168.1.1
default table main via 192.168.2.100 # implied default route - maybe
don't need this
123.123.123.64/26 via 192.168.1.1 dev eth1 # send public/LVS requests
out the InternalNet gateway to the front end of the LVS directory, let
iptables fixup replies on the correct interface

ifcfg ip rules:
from 192.168.1.104 table InternalNet
from 192.168.2.104 table main #implied rule - maybe don't need this
fwmark 1 lookup InternalNet
fwmark 2 lookup main

iptables:
-A OUTPUT -m state --state ESTABLISHED,RELATED -j
CONNMARK --restore-mark
-A PREROUTING -d 192.168.1.104 -m state --state NEW -j CONNMARK --set-mark 1
-A PREROUTING -d 192.168.2.104 -m state --state NEW -j CONNMARK --set-mark 2


Does this make sense?

Best,
james

On Fri, Nov 27, 2009 at 4:15 AM, Simon Horman <horms [at] verge> wrote:
> Here is my thinking:
>
> 1) The LVS-NATed connections will have the source IP address of
>   the machine that made the request. Though in this case
>   it will be the IP address of 192.168.1.1 in the live range.
> 2) The live range is routed via 192.168.1.1, not the linux-director.
>   So return packets from the real-server will go to the wrong place.

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


jeh1965 at gmail

Dec 1, 2009, 5:03 PM

Post #13 of 13 (1548 views)
Permalink
Re: [lvs-users] lvs NAT mode - real server to (different) virtual server public IP web requests fail [In reply to]
Ok - I finally solved this, and I'd like to offer it up as a
suggestion for another resolution to the LVS-NAT RealServers as
Clients notes. While this does route all traffic back through the
director, it is an entirely generic solution so it could work for as
many VIPs and RIPs as necessary. As a fringe benefit and result of
going round-about via your default gateway through the director, all
connections follow the same load balancing you've established for the
system. This might be important if you have a lot of these cases. This
setup also provides the added benefit that realservers can communicate
to anywhere for outbound connections the normal network gateway.

My work is largely inspired by Jonathan and Karen's blog post here:
http://developingrapids.blogspot.com/2006/05/conning-mark-multiwan-connections.html

I'm describing redhat/centos based configs, slight variations may be
required on other systems that I'm not familiar with.

The assumption is that you have 2 internal VLANs, one for "management"
traffic and one for LVS traffic. I'll call those:

InternalNet 192.168.1.x
LVSNet 192.168.2.x

The LVS director is 192.168.2.100

On realservers:
- Use your normal default gateway for your network, NOT the LVS
Director, eg: 192.168.1.1
- Use mangle table prerouting firewall marks to mark any LVS traffic
to fwmark 2
- Use mangle table prerouting firewall marks to mark any non-LVS
traffic to fwmark 1 (may be redundant)
- Use ip rules to direct any traffic received with fwmark 2 via the
LVSNet table (192.168.2.100 gateway)
- Use ip rules to direct any traffic received on 192.168.2.x via the
LVSNet table (192.168.2.100 gateway - may be redundant)
- Use ip rules to direct any traffic received with fwmark 1 via the
InternalNet table (192.168.1.1 gateway - may be redundant to the
default route)
- Use ip rules to direct any traffic received on 192.168.1.x via the
InternalNet table (192.168.1.1 gateway - may be redundant)

Configuration:
===========
1) Add two tables to your /etc/iproute2/rt_tables

200 InternalNet
201 LVSNet

2) Set your default gateway to 192.168.1.1 (/etc/sysconfig/network)
GATEWAY=192.168.1.1

3) In your iptables mangle table (for real server 192.168.1.112), add
the following. In different realservers, replace the IP address
192.168.1.112 with that of the current real server:
-A PREROUTING -j CONNMARK --restore-mark
-A PREROUTING -m mark --mark 0x1 -j ACCEPT
-A PREROUTING -d 192.168.1.112 -j MARK --set-mark 0x1
-A PREROUTING -m mark --mark 0x2 -j ACCEPT
-A PREROUTING -d 192.168.2.112 -j MARK --set-mark 0x2
-A PREROUTING -j CONNMARK --save-mark

4) Setup IP routes and rules (for each real server you change the IP
address in the rules below to that of the real server IPs)

routes: /etc/sysconfig/network-scripts/route-eth1:
default table InternalNet via 192.168.1.1
default table LVSNet via 192.168.2.100

rules: /etc/sysconfig/network-scripts/rule-eth1
from 192.168.1.112 table InternalNet
from 192.168.2.112 table LVSNet
fwmark 1 lookup InternalNet
fwmark 2 lookup LVSNet


------ DONE ----
Net result is that LVS-NAT based inbound connections route back out
through the LVS Director appropriately, even though your default
gateway is on 192.168.1.1. All other real server requests route
through your normal LAN default gateway. If that outbound request is
to one of your LVS VIPs (real server as client), the connection goes
via your normal LAN to the front end of the LVS director, and the
reply comes back the same path.
---------------------

Verify configuration:

You end up with:
[root [at] rack11 ~]# route
eth1 Link encap:Ethernet
inet addr:192.168.1.112 Bcast:192.168.1.255 Mask:255.255.255.0
eth1:1 Link encap:Ethernet
inet addr:192.168.2.112 Bcast:192.168.2.255 Mask:255.255.255.0

[root [at] rack11 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth1


[root [at] rack11 ~]# ip rule show
0: from all lookup 255
32759: from all fwmark 0x2 lookup LVSNet
32760: from all fwmark 0x1 lookup InternalNet
32761: from 192.168.2.112 lookup LVSNet
32762: from 192.168.1.112 lookup InternalNet
32763: from all fwmark 0x2 lookup main
32766: from all lookup main
32767: from all lookup default

Best,
James

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

Linux Virtual Server users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.