
Mailing List Archive: Linux Virtual Server: Users

[lvs-users] Natting Issue

 

 



reet.vyas28 at gmail

Mar 29, 2012, 12:25 AM

Post #1 of 16 (1206 views)
Permalink
[lvs-users] Natting Issue

Hi I have configured LVS router and two real servers (Windows 2003) but
packets are coming external but not coming to my eth1 (not going to my
real servers), using piranha for configuration. I have created VIP for
external as well as internal network. u can check my ifconfig and I have
installed squid on it cause real servers are on diif network. I think I
have to use iptables to forward req to internal n/w but dunno exactly how to
achieve this thing pls help

this is my ifconfig
eth0      Link encap:Ethernet  HWaddr 00:00:E8:F6:74:DA
          inet addr:122.166.233.133  Bcast:122.166.233.255  Mask:255.255.255.0
          inet6 addr: fe80::200:e8ff:fef6:74da/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4065464 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5065475 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:436221795 (416.0 MiB)  TX bytes:1345942108 (1.2 GiB)
          Interrupt:16 Base address:0x2000

eth0:1    Link encap:Ethernet  HWaddr 00:00:E8:F6:74:DA
          inet addr:122.166.233.136  Bcast:122.166.233.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:16 Base address:0x2000

eth1      Link encap:Ethernet  HWaddr 00:E0:20:14:F9:2D
          inet addr:192.168.3.1  Bcast:192.168.3.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:20ff:fe14:f92d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4123451 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4989477 errors:0 dropped:0 overruns:0 carrier:8
          collisions:0 txqueuelen:1000
          RX bytes:697550822 (665.2 MiB)  TX bytes:444500520 (423.9 MiB)
          Interrupt:17 Memory:60000400-600004ff

eth1:0    Link encap:Ethernet  HWaddr 00:E0:20:14:F9:2D
          inet addr:192.168.3.10  Bcast:192.168.3.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:17 Memory:60000400-600004ff
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


enno+lvs at groeper-berlin

Mar 29, 2012, 1:14 AM

Post #2 of 16 (1149 views)
Permalink
Re: [lvs-users] Natting Issue [In reply to]

Hi,

Am 29.03.2012 09:25, schrieb Reet Vyas:
> Hi I have configured LVS router and two real servers(Windows 2003) but
> packets are coming external but not coming to my eth1(not going to my
> real servers, using piranha for configuration . i have created VIP for
> external as well as internal network .

> u can check my ifconfig and i hve
> installed squid on it cause real servers are on diif network.
You have been told, that you CAN'T have a client on the LVS node. So you
MUST NOT run squid on the lvs node. squid shall establish a connection
to your realservers using the loadbalancer and therefore is a client.

Why are you using squid anyway?
I don't see why you should need it. Remove it!
What do you mean with "diif network"? Looking at your configuration your
LVS node and your real servers are both connected to 192.168.3.0/24.
And your LVS node has an additional connection to an external network.
Looks fine. Doesn't need squid.


HTH,
Enno
Attachments: signature.asc (0.26 KB)


reet.vyas28 at gmail

Mar 29, 2012, 1:34 AM

Post #3 of 16 (1152 views)
Permalink
Re: [lvs-users] Natting Issue [In reply to]

ok but as my packets are not gng to external n/w how to do this using
iptables?



graeme at graemef

Mar 29, 2012, 2:47 AM

Post #4 of 16 (1151 views)
Permalink
Re: [lvs-users] Natting Issue [In reply to]

Reet

On Thu, 2012-03-29 at 14:04 +0530, Reet Vyas wrote:
> ok but as my packets are not gng to external n/w how to do this using
> iptables?

In my opinion you need to go right back to basics.

Get a single LVS using two webservers (or some other relatively simple
protocol) working in your environment and test that. If you cannot make
that work, you are never going to make a complex system work.

Graeme




enno+lvs at groeper-berlin

Mar 29, 2012, 3:24 AM

Post #5 of 16 (1155 views)
Permalink
Re: [lvs-users] Natting Issue [In reply to]

Am 29.03.2012 10:34, schrieb Reet Vyas:
> ok but as my packets are not gng to external n/w how to do this using
> iptables?
I have got a similar setup working without any custom iptables rules.
If your real servers have 192.168.3.1 as default gateway, everything
should be fine.

How do you know your "packets are not gng to external n/w"?
Did you capture the ip traffic?

What is your exact setup and network topology now?
What are you exactly trying to do (connecting from which IP to which
IP:Port, ...)?
Attachments: signature.asc (0.26 KB)


reet.vyas28 at gmail

Mar 29, 2012, 3:54 AM

Post #6 of 16 (1151 views)
Permalink
Re: [lvs-users] Natting Issue [In reply to]

thanks for replying. my network is as follows:

lvs has two nic eth0 and eth1 and my local is connect to eth1 and external
to eth0

eth0 : has external ip cause we are working for client and eth1 has
192.168.3.0 n/w.

eth0:122:166:133.xxx
eth0:1 :122.166.133. xxx

eth 1:192.168.3.xxx
eth1:1 192.168.3.xxx

As you said no iptable rule why so and why gateway as eth1 instead of
eth1:1. It is mentioned in documentation use VIP eth1:1 as gateway for real
servers. pls m confused. Can u pls explain??




enno+lvs at groeper-berlin

Mar 29, 2012, 4:55 AM

Post #7 of 16 (1154 views)
Permalink
Re: [lvs-users] Natting Issue [In reply to]

Hi,

Am 29.03.2012 12:54, schrieb Reet Vyas:
> thanks for replying. my network is as follows:
>
> lvs has two nic etho and eth1 and my local is connect to eth1 and
> external to eth0
>
> eth0 : has external ip cause we are working for client and eth1 has
> 192.168.3.0 n/w.
>
> etho:122:166:133.xxx eth0:1 :122.166.133. xxx
>
> eth 1:192.168.3.xxx eth1:1 192.168.3.xxx
Okay. And how are you testing your setup? Which IP does the client have?

> As you said no iptable rule why so
Why do you think, you need an iptable rule?
LVS-NAT is explained in [1]:
> When a user accesses the service provided by the server cluster, the
> request packet destined for virtual IP address (the external IP
> address for the load balancer) arrives at the load balancer. The load
> balancer examines the packet's destination address and port number.
> If they are matched for a virtual server service according to the
> virtual server rule table, a real server is chosen from the cluster
> by a scheduling algorithm, and the connection is added into the hash
> table which record the established connection. Then, the destination
> address and the port of the packet are rewritten to those of the
> chosen server, and the packet is forwarded to the server. When the
> incoming packet belongs to this connection and the chosen server can
> be found in the hash table, the packet will be rewritten and
> forwarded to the chosen server. When the reply packets come back, the
> load balancer rewrites the source address and port of the packets to
> those of the virtual service. After the connection terminates or
> timeouts, the connection record will be removed in the hash table.
As you can see, all packet rewriting is done by LVS itself without the
need of iptables.
All you have to do is make sure the real servers are sending their
replies through the LVS node. That's why we make it their default gateway.
Of course I don't know if you have any iptables rules already in place,
that make your setup stop working.


> and why gateway as eth1 instead of eth1:1 .it is mentioned in
> documentation use VIP eth1:1 as gateway for real servers. pls m
> confused .Can u pls explain??
Which part of the documentation exactly? Do you have a link?
I see a definition problem here.
VIP could stand for
* the IP the LVS (Linux VIRTUAL Server) is presenting to the outside
world (the IP of the big virtual Server, that in reality consists of
your loadbalancer and some real nodes)
* an additional flexible IP on the LVS node (additional to the "real" IP
of the network interface (eth0 vs. eth0:1) )

I was talking about the latter. For LVS to work it doesn't matter which
IP of your LVS node you use (eth1 or eth1:1), as long as you configure
it in a consistent way.
If you only have a single LVS node (no failover cluster), virtual
(additional) IPs on your LVS node shouldn't be necessary.
You can use the IPs the LVS node already has on each interface.
But it shouldn't be a problem to use the VIPs.

[1] http://www.linuxvirtualserver.org/VS-NAT.html
Attachments: signature.asc (0.26 KB)


reet.vyas28 at gmail

Mar 29, 2012, 5:06 AM

Post #8 of 16 (1154 views)
Permalink
Re: [lvs-users] Natting Issue [In reply to]

Hi this link m using to configure can u pls tell what shud my gateway as
per my network
http://www.centos.org/docs/4/4.5/SAC_Virtual_Server_Administration/s1-piranha-globalset-VSA.html



enno+lvs at groeper-berlin

Mar 29, 2012, 5:23 AM

Post #9 of 16 (1152 views)
Permalink
Re: [lvs-users] Natting Issue [In reply to]

Hi,

Am 29.03.2012 14:06, schrieb Reet Vyas:
> Hi this link m using to configure can u pls tell what shud my gateway as
> per my network
> http://www.centos.org/docs/4/4.5/SAC_Virtual_Server_Administration/s1-piranha-globalset-VSA.html
I have no idea of Piranha. But I will try.
Primary server public IP: 122.166.233.136
NAT Router IP: 192.168.3.10
NAT Router netmask: 255.255.255.0
NAT Router device: eth1:1

This should be the setup you already had. But there is nothing wrong
with it.
Where is the part, that mentions iptables?

default gateway of real servers is 192.168.3.10?
How do you test your setup?
Attachments: signature.asc (0.26 KB)


reet.vyas28 at gmail

Mar 29, 2012, 5:42 AM

Post #10 of 16 (1167 views)
Permalink
Re: [lvs-users] Natting Issue [In reply to]

I have no idea of Piranha. But I will try.
Primary server public IP: 122.166.233.136
NAT Router IP: 192.168.3.10
NAT Router netmask: 255.255.255.0
NAT Router device: eth1:1

instead of this ip 122.166.233.136, ip is 122.166.233.133 as .136 is VIP.
I have two VIP one for eth0 and one for eth1. Correct me if i m dng
something wrong

default gateway of real servers is 192.168.3.10?
How do you test your setup?
this is my tcpdump on eth0 for 5004 port and tcpdump for eth1 is nothing
means it is coming to lvs but not going to real server

18:06:46.533407 IP 122.166.233.133.avt-profile-1 > 14.140.226.234.54951: Flags [R.], seq 0, ack 3449547871, win 0, length 0
18:06:47.145247 IP 14.140.226.234.54951 > 122.166.233.133.avt-profile-1: Flags [S], seq 3449547870, win 8192, options [mss 1460,nop,nop,sackOK], length 0
18:06:47.145275 IP 122.166.233.133.avt-profile-1 > 14.140.226.234.54951: Flags [R.], seq 0, ack 1, win 0, length 0
18:06:47.810289 IP 14.140.226.234.54951 > 122.166.233.133.avt-profile-1: Flags [S], seq 3449547870, win 8192, options [mss 1460,nop,nop,sackOK], length 0
18:06:47.810302 IP 122.166.233.133.avt-profile-1 > 14.140.226.234.54951: Flags [R.], seq 0, ack 1, win 0, length 0
18:06:48.086243 IP 14.140.226.234.54952 > 122.166.233.133.avt-profile-1: Flags [S], seq 1133302008, win 8192, options [mss 1460,nop,nop,sackOK], length 0
18:06:48.086257 IP 122.166.233.133.avt-profile-1 > 14.140.226.234.54952: Flags [R.], seq 0, ack 1133302009, win 0, length 0
18:06:48.823466 IP 14.140.226.234.54952 > 122.166.233.133.avt-profile-1: Flags [S], seq 1133302008, win 8192, options [mss 1460,nop,nop,sackOK], length 0
18:06:48.823487 IP 122.166.233.133.avt-profile-1 > 14.140.226.234.54952: Flags [R.], seq 0, ack 1, win 0, length 0
18:06:49.563384 IP 14.140.226.234.54952 > 122.166.233.133.avt-profile-1: Flags [S], seq 1133302008, win 8192, options [mss 1460,nop,nop,sackOK], length 0
18:06:49.563409 IP 122.166.233.133.avt-profile-1 > 14.140.226.234.54952: Flags [R.], seq 0, ack 1, win 0, length 0




enno+lvs at groeper-berlin

Mar 29, 2012, 6:07 AM

Post #11 of 16 (1156 views)
Permalink
Re: [lvs-users] Natting Issue [In reply to]

Am 29.03.2012 14:42, schrieb Reet Vyas:
> I have no idea of Piranha. But I will try.
> Primary server public IP: 122.166.233.136
> NAT Router IP: 192.168.3.10
> NAT Router netmask: 255.255.255.0
> NAT Router device: eth1:1
>
> instead of this ip 122.166.233.136, ip is 122.166.233.133 as .136 is VIP .
> i have twwo VIP one for eth0 and one for eth1 . Correct me if i m dng
> something wrong
Please show me the output of "ipvsadm -Ln".
Attachments: signature.asc (0.26 KB)


enno+lvs at groeper-berlin

Mar 29, 2012, 6:12 AM

Post #12 of 16 (1155 views)
Permalink
Re: [lvs-users] Natting Issue [In reply to]

Am 29.03.2012 14:42, schrieb Reet Vyas:
> I have no idea of Piranha. But I will try.
> Primary server public IP: 122.166.233.136
> NAT Router IP: 192.168.3.10
> NAT Router netmask: 255.255.255.0
> NAT Router device: eth1:1
>
> instead of this ip 122.166.233.136, ip is 122.166.233.133 as .136 is VIP .
> i have twwo VIP one for eth0 and one for eth1 . Correct me if i m dng
> something wrong

> this is my tcpdump on eth0 for 5004 port and tcpdump for eth1 is nothing
> means it is coming to lvs but not going to real server
>
> 18:06:46.533407 IP 122.166.233.133.avt-profile-1 > 14.140.226.234.54951:
> Flags [R.], seq 0, ack 3449547871, win 0, length 0
> 18:06:47.145247 IP 14.140.226.234.54951 > 122.166.233.133.avt-profile-1:
> Flags [S], seq 3449547870, win 8192, options [mss 1460,nop,nop,sackOK],
> length 0
On your previous setups 122.166.233.136 was used for LVS.
Why are you trying to connect to 122.166.233.133?
Your client has to use the VIP of the virtual service.
Attachments: signature.asc (0.26 KB)


reet.vyas28 at gmail

Mar 29, 2012, 6:31 AM

Post #13 of 16 (1152 views)
Permalink
Re: [lvs-users] Natting Issue [In reply to]

cause this is external ip of server eth0: 122.166.233.133 and eth0:1 has
122.166.233.136 (VIP) my ipvsadm -l -n
TCP 122.166.233.136:5000 rr
TCP 122.166.233.137:5001 rr
TCP 122.166.233.138:80 rr
-> 192.168.3.3:80 Masq 1 0 0
TCP 122.166.233.139:5004 rr




enno+lvs at groeper-berlin

Mar 29, 2012, 10:55 AM

Post #14 of 16 (1135 views)
Permalink
Re: [lvs-users] Natting Issue [In reply to]

Hi,

Am 29.03.2012 15:31, schrieb Reet Vyas:
> cause this is external ip of server eth0: 122.166.233.133 and eth0:1 has
> 122.166.233.136 (VIP) my ipvsadm -l -n
You should be able to reach your server from extern using the VIP.
It's simply an additional IP.


> TCP 122.166.233.136:5000 rr
> TCP 122.166.233.137:5001 rr
> TCP 122.166.233.138:80 rr
> -> 192.168.3.3:80 Masq 1 0 0
> TCP 122.166.233.139:5004 rr
This looks completely broken.
I suppose piranha has generated this. But I really don't know why.
I reckon piranha is configured wrong.

Is this the complete output?
There are 4 virtual services:
TCP 122.166.233.136:5000
TCP 122.166.233.137:5001
TCP 122.166.233.138:80
TCP 122.166.233.139:5004

Only one (.138) has real servers configured.
Since you try to connect to 122.166.233.133:5004 and there is no LVS
service configured for this, it simply can't work.


If you let your client connect to 122.166.233.133:5004, it should look like:
TCP 122.166.233.133:5004 rr
-> 192.168.3.2:5004 Masq 1 0 0
-> 192.168.3.3:5004 Masq 1 0 0

This configuration would distribute requests directed to
122.166.233.133:5004 to the services listening on port 5004 on the real
servers 192.168.3.2 and 192.168.3.3.
Of course you could configure the virtual service to listen on your VIP.
But then your client should try to connect to the VIP and not the
"external IP"! Both IPs are on the same net. They should work both.

HTH,
Enno
Attachments: signature.asc (0.26 KB)
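
Added example (not part of the thread, and not code from the LVS project): a shell audit of "ipvsadm -Ln" output that reports virtual services with no real servers and classifies the address:port a client dials. The two tables are copied from the posts above; the function names are made up for this example, and the parser handles IPv4 entries only.

```shell
#!/bin/sh
# Added example: audit `ipvsadm -Ln` output for the two faults found in this
# thread. Function names are hypothetical; the tables are copied from the posts.

# Table as posted by the original poster (post #13).
posted_table() {
cat <<'EOF'
TCP 122.166.233.136:5000 rr
TCP 122.166.233.137:5001 rr
TCP 122.166.233.138:80 rr
-> 192.168.3.3:80 Masq 1 0 0
TCP 122.166.233.139:5004 rr
EOF
}

# Table suggested in the reply (post #14). With plain ipvsadm the equivalent
# standard commands (not quoted from the thread) would be:
#   ipvsadm -A -t 122.166.233.133:5004 -s rr
#   ipvsadm -a -t 122.166.233.133:5004 -r 192.168.3.2:5004 -m
#   ipvsadm -a -t 122.166.233.133:5004 -r 192.168.3.3:5004 -m
suggested_table() {
cat <<'EOF'
TCP 122.166.233.133:5004 rr
-> 192.168.3.2:5004 Masq 1 0 0
-> 192.168.3.3:5004 Masq 1 0 0
EOF
}

# Print every virtual service that has no real server behind it.
# Reads `ipvsadm -Ln` text on stdin.
ipvs_empty_services() {
    awk '
        $1 == "TCP" || $1 == "UDP" {
            if (svc != "" && n == 0) print svc
            svc = $1 " " $2; n = 0; next
        }
        # "-> a.b.c.d:port ..." is a real server; the "-> RemoteAddress:Port"
        # header line of real ipvsadm output does not start with a digit.
        $1 == "->" && $2 ~ /^[0-9]/ { n++ }
        END { if (svc != "" && n == 0) print svc }
    '
}

# Classify the address:port a client dials ($1) against the table on stdin:
#   no-service       no virtual service matches, so LVS never sees the packet
#                    and the director's own stack answers (the RSTs in the
#                    tcpdump above)
#   no-real-servers  service exists but has nothing to forward to
#   ok               service exists with at least one real server
ipvs_check_target() {
    awk -v want="$1" '
        $1 == "TCP" || $1 == "UDP" { cur = $2; if (cur == want) found = 1; next }
        $1 == "->" && cur == want && $2 ~ /^[0-9]/ { rs++ }
        END {
            if (!found)      print "no-service"
            else if (rs > 0) print "ok"
            else             print "no-real-servers"
        }
    '
}

# Report for the thread's data. On a live director, replace posted_table with
# `ipvsadm -Ln` (needs root).
echo "virtual services without real servers:"
posted_table | ipvs_empty_services
for target in 122.166.233.133:5004 122.166.233.139:5004 122.166.233.138:80; do
    echo "posted table, client dials $target: $(posted_table | ipvs_check_target "$target")"
done
echo "suggested table, client dials 122.166.233.133:5004: $(suggested_table | ipvs_check_target 122.166.233.133:5004)"
```
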


reet.vyas28 at gmail

Mar 29, 2012, 10:33 PM

Post #15 of 16 (1143 views)
Permalink
Re: [lvs-users] Natting Issue [In reply to]

Ports from 5000 to 5008 are not all http request .As we are implementing
chat server for this .Below are the details.
Chat ports :

5004: Client Chat Login

5005: Client Chat message receiver.



Broadcast ports:

5001: Client message receiver

5002: Client updated receiver

5003: Client Message Update receiver.



File Transfer Ports:

5006: File Transfer login.

5007: File transfer login.



Logout:

5008: Log out user


122.166.233.133 is my lvs router IP and 122.166.233.136 is VIP on this
and for internal n/w on eth1 192.168.3.1 and vip on eth1 is 192.168.3.10 as
u know my real server ip's. I followed documentation still its broken
could find any logs can u pls tell me how to check logs or info whats wrng
with configuration


enno+lvs at groeper-berlin

Mar 30, 2012, 11:03 AM

Post #16 of 16 (1133 views)
Permalink
Re: [lvs-users] Natting Issue [In reply to]

Am 30.03.2012 07:33, schrieb Reet Vyas:
> Ports from 5000 to 5008 are not all http request .As we are implementing
> chat server for this .Below are the details.
> Chat ports :
>
> 5004: Client Chat Login
>
> 5005: Client Chat message receiver.
>
>
>
> Broadcast ports:
>
> 5001: Client message receiver
>
> 5002: Client updated receiver
>
> 5003: Client Message Update receiver.
>
>
>
> File Transfer Ports:
>
> 5006: File Transfer login.
>
> 5007: File transfer login.
>
>
>
> Logout:
>
> 5008: Log out user
>
>
> 122.166.233.133 iis my lvs router IP and and 122.166.233.136 is VIp on this
> and for internal n/w on eth1 192.168.3.1 and vip on eth1 is 192.168.3.10 as
> u know my real server ip's . I followed documentation still its broken
> could find any logs can u pls tell me how to check logs or info whats wrng
> with configuration
Sorry. I'm not using piranha and I have no knowledge about it.
If you don't want to configure ipvs directly using ipvsadm, you could
use ldirectord, which is pretty straight forward.
It is configured using a plain text file.

It is obvious what is wrong with your configuration. No logs needed.
You can see what is configured using "ipvsadm -Ln".
I wrote to you in my last email what should be configured for port 5004.
It's pretty simple to make the same configuration for other ports, once
the configuration for port 5004 is correct.


> On Thu, Mar 29, 2012 at 11:25 PM, Enno Gröper <enno+lvs [at] groeper-berlin>wrote:
>> If you let your client connect to 122.166.233.133:5004, it should look
>> like:
>> TCP 122.166.233.133:5004 rr
>> -> 192.168.3.2:5004 Masq 1 0 0
>> -> 192.168.3.3:5004 Masq 1 0 0
>>
>> This configuration would distribute requests directed to
>> 122.166.233.133:5004 to the services listening on port 5004 on the real
>> servers 192.168.3.2 and 192.168.3.3.
>> Of course you could configure the virtual service to listen on your VIP.
>> But then your client should try to connect to the VIP and not the
>> "external IP"! Both IPs are on the same net. They should work both.
Attachments: signature.asc (0.26 KB)
