On Fri, 2008-01-18 at 12:39 -0800, Joseph Mack NA3T wrote:
> On Fri, 18 Jan 2008, chris barry wrote:
>
> >> I assume you've read my attempts at xdmcp in the HOWTO. It
> >> looks like you got further than me. If so, can you send me
> >> (off-line) what you did, so I can update the HOWTO.
> >
> > Yes.
>
> thanks got it. I was hoping for a verbal description of how
> to get it going :-)

I'll try to write something up soon.

> Can you run your setup without iptables rules. You shouldn't
> need them to set up any standard LVS, and they'll only
> confuse the picture till you get it running.

Well, originally I didn't. I needed the POSTROUTING rules to get stuff to work.

> >> are you then connecting directly to the realserver by
> >> chance.
> >
> > That's what I'm not sure of. It seems so, however the clients cannot
> > route to the real servers on their own,
>
> don't trust ping on this. You'll need tcpdump

These nodes are on a private LAN that has no routes to it except through the director. That and the default gateway on all of the nodes is the inside VIP of the director.

> > so the packets must be somehow going around the lvs stuff.
> > I think it's a FWM issue too. I'll need to do some more
> > captures to understand what port ranges are being used.
> > From what you say in the howto, basically you hook up on
> > 177, but after that it's not used anymore. the RS and
> > client must negotiate another port to use.
>
> If X steps in next, there'll be a whole heap of ports at
> 6000 (I think). Look at the writeup for ftp, identd and rsh
> for the problems that LVS gets into when the realserver
> negotiates ports with the client that the director doesn't
> know about.

This is it in a nutshell. I need to sniff, get a handle on the port ranges used, and bundle them up in a FWM.

> Can you tunnel the X through ssh?

Yes. This works fine. X works fine for that matter, it just falls out of the connection list and I can't (easily) tell who's connected.

> >> I think you're going to have to be the one to figure it
> >> out. If X is involved as well, there's many ports
> >> involved - you may have to group them with fwmarks.
> >
> > yep. I think you're right. I'll send my ipvsadm and
> > iptables files your way for perusal.
>
> Can you try a more minimal setup. You have enough lines in
> your ipvsadm output to be an X-server farm

heh. That's EXACTLY what it is! ;) It's a vnc/xdmcp/nfs/ssh/and telnet farm. Basically the only thing it doesn't do is http... ;) It's called SDS or Software Development System. A 6 node virtualized gfs development cluster. I wrote a monitoring framework for these protocols that handles add/remove from the lvs table with email alerting. Trying to do anything out of the ordinary with nanny segfaults it.

Thanks for your help Joe. I will do a howto on this once it gets deployed. And I'll let you know when I solve this port range puzzle.

> Joe
