On Thu, 2009-02-12 at 18:06 -0800, Praveen Sooryanarayana wrote: > Yes, it's on the real servers. And the LVS also works fine.
But... > Also, if I send requests to <Virtual ip>:8080, everything works fine. Your original message says: > Output of ipvsadm -L -n: > > IP Virtual Server version 1.2.1 (size=4096) > Prot LocalAddress:Port Scheduler Flags > -> RemoteAddress:Port Forward Weight ActiveConn InActConn > TCP 10.10.50.100:8080 rr > -> 10.10.50.11:8080 Route 1 0 0 > -> 10.10.50.12:8080 Local 1 0 0 ...and... > iptables -t nat -A PREROUTING -p tcp -d 10.10.50.100 --dport 80 -j > DNAT --to 10.10.50.100:8080 Taken together, this implies that the rule is running on the *director* and not on the realservers such that an incoming packet to the VIP hits the director on port 80, gets mapped to 8080 and then load balanced (this is what you want, isn't it?). It won't work on a number of counts: 1. netfilter and ipvs hook packets in different places in the traffic flow. It's rarely possible to mangle a packet with DNAT and then get ipvs to pick it up, because the packet has already traversed the ipvs hook and been missed [Joe, remind me sometime to work up that packet flow diagram]. 2. You're using gate, or LVS-DR. This means the realservers respond directly to the clients - and if they're responding from port 8080, the responses will be ignored by the clients as they expect a response from port 80. I'd say that in this case, although it increases the complexity a bit, you'd be better off making Tomcat listen on port 80 or make use of Apache's mod_jk to hook Apache on port 80 and Tomcat on 8080 together. Graeme _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
