In this example, 172.24.4.110 is the requesting client. 172.20.4.244 is the VIP and 172.20.10.172 is the realserver. I am unable to make an LDAP connection to 172.20.10.172. Can someone lead me in the right direction to help me troubleshoot this?
Below are the commands I issue to configure LVS:

#!/bin/bash
ifconfig eth0:0 172.20.4.244 netmask 255.255.254.0 broadcast 172.20.11.255
ipvsadm -A -t 172.20.4.244:389
ipvsadm -a -t 172.20.4.244:389 -r 172.20.10.172:389 -m

----

Here is the output from tcpdump:

oes:~ # tcpdump -n -i any port 389
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
12:30:25.474804 IP 172.20.4.110.4457 > 172.20.4.244.389: S 164141542:164141542(0) win 64512 <mss 1460,nop,nop,sackOK>
12:30:25.474921 IP 172.20.4.110.4457 > 172.20.10.172.389: S 164141542:164141542(0) win 64512 <mss 1460,nop,nop,sackOK>
12:30:28.380196 IP 172.20.4.110.4457 > 172.20.4.244.389: S 164141542:164141542(0) win 64512 <mss 1460,nop,nop,sackOK>
12:30:28.380207 IP 172.20.4.110.4457 > 172.20.10.172.389: S 164141542:164141542(0) win 64512 <mss 1460,nop,nop,sackOK>
12:30:34.395805 IP 172.20.4.110.4457 > 172.20.4.244.389: S 164141542:164141542(0) win 64512 <mss 1460,nop,nop,sackOK>
12:30:34.395813 IP 172.20.4.110.4457 > 172.20.10.172.389: S 164141542:164141542(0) win 64512 <mss 1460,nop,nop,sackOK>
12:30:39.633840 IP 172.20.5.100.46887 > 172.20.10.172.389: S 3757061999:3757061999(0) win 3072
12:30:39.954217 IP 172.20.5.100.46888 > 172.20.10.172.389: S 4222666077:4222666077(0) win 2048
12:30:39.955037 IP 172.20.10.172.389 > 172.20.5.100.46888: S 3624954624:3624954624(0) ack 4222666078 win 5840 <mss 1460>
12:30:39.955049 IP 172.20.5.100.46888 > 172.20.10.172.389: R 4222666078:4222666078(0) win 0

-------

Here is output from 172.20.10.172 to show that LDAP (389) is open:

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2005-03-07 12:30 CST
Interesting ports on xxxxxxxxxxxxx (172.20.10.172):
(The 1645 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
389/tcp  open  ldap
more
more
.
.

---

I noticed "NAT of Local Connections" wasn't installed in the kernel this box is using. Could this be the problem?

Thanks,
Ryan
