Dear Malcolm! Thanks for your reply.
It works.

Regards,
Umar

On Wed, Sep 17, 2008 at 10:23 PM, <[EMAIL PROTECTED]> wrote:

> Today's Topics:
>
>    1. Re: LVS + Xen + NAT (Josh Mullis)
>    2. Re: LVS + Xen + NAT (Graeme Fowler)
>    3. ldirecctord problem on slave node (Tears !)
>    4. Re: ldirecctord problem on slave node (Malcolm Turnbull)
>    5. Re: LVS + Xen + NAT (Josh Mullis)
>    6. Re: LVS + Xen + NAT (Laurentiu C. Badea (L.C.))
>    7. Re: LVS + Xen + NAT (Josh Mullis)
>
> ---------- Forwarded message ----------
> From: Josh Mullis <[EMAIL PROTECTED]>
> To: "LinuxVirtualServer.org users mailing list." <[email protected]>
> Date: Wed, 17 Sep 2008 11:05:26 -0400
> Subject: Re: [lvs-users] LVS + Xen + NAT
> This is a very basic setup.
>
> Thought maybe this award-winning diagram would help clear up any
> confusion.
> _____________
> | 10.0.0.5 client |
> ------------------
> |
> | <---DNS request to 10.0.0.80
> __|___________________
> | 10.0.0.80 eth0 | <---
> | | | |
> | | | | Xen
> | 192.168.122.1 NAT GW | <--|-PHYSICAL BOX
> | | | | (Set to forward traffic on
> | | | | 10.0.0.8:53 to 192.168.122.10:53 )
> | | | |
> | 192.168.122.10 VM eth0 | <---|
> -------------------------
>
> It seems as if I'm only missing a setting or two.
> The traffic still gets to the vm, but just can't seem to make it back
> out through the NAT.
>
> Anyone?
>
> On Fri, 2008-09-12 at 16:17 -0400, Josh Mullis wrote:
> > MY SETUP:
> >
> > - 1 physical server running as Xen Dom0 (Director)
> >     -LAN ip: 10.0.0.80
> >     -NAT ip: 192.168.122.1
> >     -Natting is setup through default xen network scripts
> >
> >     -ipvsadm -A -t 10.0.0.80:53 -s rr
> >     -ipvsadm -a -t 10.0.0.80:53 -r 192.168.122.10:53 -m
> >     -ipvsadm -A -u 10.0.0.80:53 -s rr
> >     -ipvsadm -a -u 10.0.0.80:53 -r 192.168.122.10:53 -m
> >
> > - 1 domU (realserver) on this box (Will add others in the future)
> >     -ip: 192.168.122.10
> >     -gw: 192.168.122.1
> >     -running BIND
> >
> > MY PROBLEM:
> >
> > From a host on the 10.0.0.0 network, I can do a dig @10.0.0.80 and do
> > not get a response.
> > I do however see the traffic on the 192.168.122.10 virtual machine
> > from this host on the 10.0.0.0.
> >
> > Any help is appreciated.
> >
> > Thanks
> > -Josh
> >
> > _______________________________________________
> > LinuxVirtualServer.org mailing list - [email protected]
> > Send requests to [EMAIL PROTECTED]
> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
> ---------- Forwarded message ----------
> From: Graeme Fowler <[EMAIL PROTECTED]>
> To: "LinuxVirtualServer.org users mailing list." <[email protected]>
> Date: Wed, 17 Sep 2008 16:17:08 +0100
> Subject: Re: [lvs-users] LVS + Xen + NAT
> On Wed, 2008-09-17 at 11:05 -0400, Josh Mullis wrote:
> > This is a very basic setup.
>
> ...ok...
>
> > Thought maybe this award-winning diagram would help clear up any
> > confusion.
>
> Post-modern, more like. The formatting went pop in transit :)
>
> Simple question: does the realserver (the VM, 192.168.122.10) have a
> route direct back to the 10.0.0.0/whatever network?
>
> More specific routes will override the default, so having a direct route
> means the traffic will not necessarily traverse the director and will
> therefore not be un-NATted on the way back.
>
> Is there some sort of virtual ethernet bridge affecting it with both
> network segments on the same "virtual cable"?
>
> Graeme
>
> ---------- Forwarded message ----------
> From: "Tears !" <[EMAIL PROTECTED]>
> To: [email protected]
> Date: Wed, 17 Sep 2008 21:27:17 +0500
> Subject: [lvs-users] ldirecctord problem on slave node
> Dear Members!
>
> ldirectord is not working on secondary node whenever primary node is
> unavailable.
>
> Here is the heartbeat log on secondary node.
>
> heartbeat[21555]: 2008/09/17_21:04:42 info: Received shutdown notice from 'node1'.
> heartbeat[21555]: 2008/09/17_21:04:42 info: Resources being acquired from node1.
> heartbeat[22828]: 2008/09/17_21:04:42 info: acquire local HA resources (standby).
> heartbeat[22828]: 2008/09/17_21:04:42 info: local HA resource acquisition completed (standby).
> heartbeat[22829]: 2008/09/17_21:04:42 info: No local resources [/usr/share/heartbeat/ResourceManager listkeys tears] to acquire.
> heartbeat[21555]: 2008/09/17_21:04:42 info: Standby resource acquisition done [foreign].
> harc[22854]: 2008/09/17_21:04:42 info: Running /etc/ha.d/rc.d/status status
> mach_down[22869]: 2008/09/17_21:04:42 info: Taking over resource group 192.168.2.25/24/eth0
> ResourceManager[22894]: 2008/09/17_21:04:42 info: Acquiring resource group: node1 192.168.2.25/24/eth0 ldirectord
> IPaddr[22920]: 2008/09/17_21:04:43 INFO: Resource is stopped
> ResourceManager[22894]: 2008/09/17_21:04:43 info: Running /etc/ha.d/resource.d/IPaddr 192.168.2.25/24/eth0 start
> IPaddr[23017]: 2008/09/17_21:04:43 INFO: Using calculated netmask for 192.168.2.25: 255.255.255.0
> IPaddr[23017]: 2008/09/17_21:04:43 INFO: eval ifconfig eth0:0 192.168.2.25 netmask 255.255.255.0 broadcast 192.168.2.255
> IPaddr[22988]: 2008/09/17_21:04:43 INFO: Success
>
> ResourceManager[22894]: 2008/09/17_21:04:43 info: Running /etc/ha.d/resource.d/ldirectord start
> ResourceManager[22894]: 2008/09/17_21:04:43 ERROR: Return code 2 from /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:43 CRIT: Giving up resources due to failure of ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:43 info: Releasing resource group: node1 192.168.2.25/24/eth0 ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:43 info: Running /etc/ha.d/resource.d/ldirectord stop
> ResourceManager[22894]: 2008/09/17_21:04:43 ERROR: Return code 2 from /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:44 info: Retrying failed stop operation [ldirectord]
> ResourceManager[22894]: 2008/09/17_21:04:44 info: Running /etc/ha.d/resource.d/ldirectord stop
> ResourceManager[22894]: 2008/09/17_21:04:44 ERROR: Return code 2 from /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:45 info: Retrying failed stop operation [ldirectord]
> ResourceManager[22894]: 2008/09/17_21:04:45 info: Running /etc/ha.d/resource.d/ldirectord stop
> ResourceManager[22894]: 2008/09/17_21:04:45 ERROR: Return code 2 from /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:46 info: Retrying failed stop operation [ldirectord]
> ResourceManager[22894]: 2008/09/17_21:04:46 info: Running /etc/ha.d/resource.d/ldirectord stop
> ResourceManager[22894]: 2008/09/17_21:04:46 ERROR: Return code 2 from /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:47 info: Retrying failed stop operation [ldirectord]
> ResourceManager[22894]: 2008/09/17_21:04:47 info: Running /etc/ha.d/resource.d/ldirectord stop
> ResourceManager[22894]: 2008/09/17_21:04:47 ERROR: Return code 2 from /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:48 info: Retrying failed stop operation [ldirectord]
> ResourceManager[22894]: 2008/09/17_21:04:48 info: Running /etc/ha.d/resource.d/ldirectord stop
> ResourceManager[22894]: 2008/09/17_21:04:48 ERROR: Return code 2 from /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:50 info: Retrying failed stop operation [ldirectord]
> ResourceManager[22894]: 2008/09/17_21:04:50 info: Running /etc/ha.d/resource.d/ldirectord stop
> ResourceManager[22894]: 2008/09/17_21:04:50 ERROR: Return code 2 from /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:51 info: Retrying failed stop operation [ldirectord]
> ResourceManager[22894]: 2008/09/17_21:04:51 info: Running /etc/ha.d/resource.d/ldirectord stop
> ResourceManager[22894]: 2008/09/17_21:04:51 ERROR: Return code 2 from /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:52 info: Retrying failed stop operation [ldirectord]
> ResourceManager[22894]: 2008/09/17_21:04:52 info: Running /etc/ha.d/resource.d/ldirectord stop
> ResourceManager[22894]: 2008/09/17_21:04:52 ERROR: Return code 2 from /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:53 info: Retrying failed stop operation [ldirectord]
> ResourceManager[22894]: 2008/09/17_21:04:53 info: Running /etc/ha.d/resource.d/ldirectord stop
> ResourceManager[22894]: 2008/09/17_21:04:53 ERROR: Return code 2 from /etc/ha.d/resource.d/ldirectord
> heartbeat[21555]: 2008/09/17_21:04:54 WARN: node node1: is dead
> heartbeat[21555]: 2008/09/17_21:04:54 info: Dead node node1 gave up resources.
> heartbeat[21555]: 2008/09/17_21:04:54 info: Link node1:eth0 dead.
> ResourceManager[22894]: 2008/09/17_21:04:54 info: Retrying failed stop operation [ldirectord]
> ResourceManager[22894]: 2008/09/17_21:04:54 info: Running /etc/ha.d/resource.d/ldirectord stop
> ResourceManager[22894]: 2008/09/17_21:04:54 ERROR: Return code 2 from /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:54 ERROR: Resource script for ldirectord probably not LSB-compliant.
> ResourceManager[22894]: 2008/09/17_21:04:54 WARN: it (ldirectord) MUST succeed on a stop when already stopped
> ResourceManager[22894]: 2008/09/17_21:04:54 WARN: Machine reboot narrowly avoided!
> ResourceManager[22894]: 2008/09/17_21:04:54 info: Running /etc/ha.d/resource.d/IPaddr 192.168.2.25/24/eth0 stop
> IPaddr[23503]: 2008/09/17_21:04:54 INFO: ifconfig eth0:0 down
> IPaddr[23474]: 2008/09/17_21:04:54 INFO: Success
> mach_down[22869]: 2008/09/17_21:04:54 info: /usr/share/heartbeat/mach_down: nice_failback: foreign resources acquired
> mach_down[22869]: 2008/09/17_21:04:54 info: mach_down takeover complete for node node1.
> heartbeat[21555]: 2008/09/17_21:04:54 info: mach_down takeover complete.
>
> Regards,
>
> Umar
>
> ---------- Forwarded message ----------
> From: "Malcolm Turnbull" <[EMAIL PROTECTED]>
> To: "LinuxVirtualServer.org users mailing list." <[email protected]>
> Date: Wed, 17 Sep 2008 17:33:35 +0100
> Subject: Re: [lvs-users] ldirecctord problem on slave node
> I assume that your ldirectord config file is invalid?
> (on the slave)
>
> ResourceManager[22894]: 2008/09/17_21:04:43 ERROR: Return code 2 from /etc/ha.d/resource.d/ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:43 CRIT: Giving up resources due to failure of ldirectord
> ResourceManager[22894]: 2008/09/17_21:04:43 info: Releasing resource group: node1 192.168.2.25/24/eth0 ldirectord
> ResourceManager[22894]: 2008/09/17_21:
>
> 2008/9/17 Tears ! <[EMAIL PROTECTED]>
> >
> > Dear Members!
> >
> > lidrectord is not working on secondary node whenever primary node is
> > unavailable.
> >
> > Here is the heartbeat log on secondary node.
> >
> > heartbeat[21555]: 2008/09/17_21:04:42 info: Received shutdown notice from 'node1'.
> > heartbeat[21555]: 2008/09/17_21:04:42 info: Resources being acquired from node1.
> > heartbeat[22828]: 2008/09/17_21:04:42 info: acquire local HA resources (standby).
> > heartbeat[22828]: 2008/09/17_21:04:42 info: local HA resource acquisition completed (standby).
> > heartbeat[22829]: 2008/09/17_21:04:42 info: No local resources [/usr/share/heartbeat/ResourceManager listkeys tears] to acquire.
> > heartbeat[21555]: 2008/09/17_21:04:42 info: Standby resource acquisition done [foreign].
> >
> > Regards,
> >
> > Umar
>
> --
> Regards,
>
> Malcolm Turnbull.
>
> Loadbalancer.org Ltd.
> Phone: +44 (0)870 443 8779
> http://www.loadbalancer.org/
>
> ---------- Forwarded message ----------
> From: Josh Mullis <[EMAIL PROTECTED]>
> To: "LinuxVirtualServer.org users mailing list." <[email protected]>
> Date: Wed, 17 Sep 2008 12:34:58 -0400
> Subject: Re: [lvs-users] LVS + Xen + NAT
>
> Yea... sorry about the diagram.
>
> Only has def gateway of 192.168.122.1, which knows how to get to
> 10.0.0.0 .
>
> Tried the direct route anyway, but did not help.
> "route add 10.0.0.0 gw 192.168.122.1"
>
> I can do a dig from the physical server OS to the 192.168.122.10 vm,
> which is going through the bridge.
> This works perfect.
>
> On Wed, 2008-09-17 at 11:17 -0400, Graeme Fowler wrote:
> > On Wed, 2008-09-17 at 11:05 -0400, Josh Mullis wrote:
> > > This is a very basic setup.
> >
> > ...ok...
> >
> > > Thought maybe this award-winning diagram would help clear up any
> > > confusion.
> >
> > Post-modern, more like. The formatting went pop in transit :)
> >
> > Simple question: does the realserver (the VM, 192.168.122.10) have a
> > route direct back to the 10.0.0.0/whatever network?
> >
> > More specific routes will override the default, so having a direct
> > route means the traffic will not necessarily traverse the director and
> > will therefore not be un-NATted on the way back.
> >
> > Is there some sort of virtual ethernet bridge affecting it with both
> > network segments on the same "virtual cable"?
> >
> > Graeme
>
> ---------- Forwarded message ----------
> From: "Laurentiu C. Badea (L.C.)" <[EMAIL PROTECTED]>
> To: "LinuxVirtualServer.org users mailing list." <[email protected]>
> Date: Wed, 17 Sep 2008 09:59:27 -0700
> Subject: Re: [lvs-users] LVS + Xen + NAT
>
> Graeme Fowler wrote:
>
> > Simple question: does the realserver (the VM, 192.168.122.10) have a
> > route direct back to the 10.0.0.0/whatever network?
>
> Xen creates a virtual bridge and adds a few iptables rules to control
> access and do NAT for its clients, while the host domain becomes their
> gateway. So you have the LVS setup sitting on top of a NAT router.
>
> I would take a look at the iptables setup and check the packet counters
> during a query, especially on reject rules. Then try to insert rules to make
> it work and make sure the ruleset is maintained across reboots (Xen
> dynamically inserts rules when the bridges are brought up).
>
> --
> Laurentiu
>
> ---------- Forwarded message ----------
> From: Josh Mullis <[EMAIL PROTECTED]>
> To: "LinuxVirtualServer.org users mailing list." <[email protected]>
> Date: Wed, 17 Sep 2008 13:22:23 -0400
> Subject: Re: [lvs-users] LVS + Xen + NAT
> I actually expected to see some different rules than what I have.
> Not sure what I need to add.
>
> Here are my current tables.
> (Spaces replaced with -'s for formatting)
>
> iptables -L
>
> Chain-INPUT(policyACCEPT)
> target-prot-opt-source-destination
> ACCEPT-udp--anywhere-anywhere-udp dpt:domain
> ACCEPT-tcp--anywhere-anywhere-tcp dpt:domain
> ACCEPT-udp--anywhere-anywhere-udp dpt:bootps
> ACCEPT-tcp--anywhere-anywhere-tcp dpt:bootps
>
> Chain-FORWARD(policyACCEPT)
> target-prot-opt-source-destination
> ACCEPT-all--anywhere-192.168.122.0/24-state-RELATED,ESTABLISHED
> ACCEPT-all--192.168.122.0/24-anywhere
> ACCEPT-all--anywhere-anywhere
> REJECT-all--anywhere-anywhere-reject-with icmp-port-unreachable
> REJECT-all--anywhere-anywhere-reject-with icmp-port-unreachable
> ACCEPT-all--192.168.122.10-anywhere-PHYSDEV-match--physdev-in vif2.0
> ACCEPT-udp--anywhere-anywhere-PHYSDEV-match--physdev-in-vif2.0-udp-spt:bootpc dpt:bootps
>
> Chain-OUTPUT-(policyACCEPT)
> target-prot-opt-source-destination
>
> On Wed, 2008-09-17 at 12:59 -0400, Laurentiu C. Badea (L.C.) wrote:
> >
> > Graeme Fowler wrote:
> > > Simple question: does the realserver (the VM, 192.168.122.10) have a
> > > route direct back to the 10.0.0.0/whatever network?
> >
> > Xen creates a virtual bridge and adds a few iptables rules to control
> > access and do NAT for its clients, while the host domain becomes their
> > gateway. So you have the LVS setup sitting on top of a NAT router.
> >
> > I would take a look at the iptables setup and check the packet
> > counters during a query, especially on reject rules. Then try to insert
> > rules to make it work and make sure the ruleset is maintained across
> > reboots (Xen dynamically inserts rules when the bridges are brought up).
> >
> > --
> > Laurentiu
>
> _______________________________________________
> lvs-users mailing list
> [email protected]
> http://lists.graemef.net/mailman/listinfo/lvs-users

--
Umar Draz
Network Administrator
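
The failure pattern in the heartbeat log quoted above (a failed `ldirectord start` followed by `stop` returning 2 on every retry) can be picked out of such a log automatically. This is an added example, not part of the original thread; the function names are hypothetical, and it assumes, as the quoted log suggests, that ResourceManager writes a `Return code` line only for non-zero exits.

```python
import re
from collections import defaultdict

# Excerpt of the heartbeat log quoted in the thread, one entry per line.
SAMPLE_LOG = """\
ResourceManager[22894]: 2008/09/17_21:04:43 info: Running /etc/ha.d/resource.d/IPaddr 192.168.2.25/24/eth0 start
ResourceManager[22894]: 2008/09/17_21:04:43 info: Running /etc/ha.d/resource.d/ldirectord start
ResourceManager[22894]: 2008/09/17_21:04:43 ERROR: Return code 2 from /etc/ha.d/resource.d/ldirectord
ResourceManager[22894]: 2008/09/17_21:04:43 CRIT: Giving up resources due to failure of ldirectord
ResourceManager[22894]: 2008/09/17_21:04:43 info: Running /etc/ha.d/resource.d/ldirectord stop
ResourceManager[22894]: 2008/09/17_21:04:43 ERROR: Return code 2 from /etc/ha.d/resource.d/ldirectord
ResourceManager[22894]: 2008/09/17_21:04:44 info: Retrying failed stop operation [ldirectord]
ResourceManager[22894]: 2008/09/17_21:04:44 info: Running /etc/ha.d/resource.d/ldirectord stop
ResourceManager[22894]: 2008/09/17_21:04:44 ERROR: Return code 2 from /etc/ha.d/resource.d/ldirectord
ResourceManager[22894]: 2008/09/17_21:04:54 info: Running /etc/ha.d/resource.d/IPaddr 192.168.2.25/24/eth0 stop
"""

RUN_RE = re.compile(
    r"^ResourceManager\[(?P<pid>\d+)\]: \S+ info: Running "
    r"(?P<script>\S+)(?: .*)? (?P<action>start|stop|status)$")
RC_RE = re.compile(
    r"^ResourceManager\[(?P<pid>\d+)\]: \S+ ERROR: Return code "
    r"(?P<rc>\d+) from (?P<script>\S+)$")


def analyze(log_text):
    """Count runs and failures per (resource script, action)."""
    pending = {}  # (pid, script) -> action of the latest "Running" line
    stats = defaultdict(lambda: {"runs": 0, "failures": 0, "codes": set()})
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            pending[(m["pid"], m["script"])] = m["action"]
            stats[(m["script"], m["action"])]["runs"] += 1
            continue
        m = RC_RE.match(line)
        if m:
            # Assumption: a "Return code" line belongs to the latest
            # "Running" line logged by the same PID for the same script.
            action = pending.pop((m["pid"], m["script"]), None)
            if action is not None:
                entry = stats[(m["script"], action)]
                entry["failures"] += 1
                entry["codes"].add(int(m["rc"]))
    return dict(stats)


def findings(stats):
    """Turn the counters into the two conditions seen in the thread."""
    out = []
    for (script, action), s in sorted(stats.items()):
        if not s["failures"]:
            continue
        name = script.rsplit("/", 1)[-1]
        codes = ",".join(str(c) for c in sorted(s["codes"]))
        if action == "start":
            out.append(f"{name}: start failed (rc {codes}); "
                       "resource group is released")
        elif action == "stop" and s["failures"] == s["runs"]:
            out.append(f"{name}: stop failed on all {s['runs']} attempts "
                       f"(rc {codes}); stop must return 0 when stopped")
    return out


if __name__ == "__main__":
    print("\n".join(findings(analyze(SAMPLE_LOG))))
```
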
