Hello, I have a problem with accessing the IPs of external balancer machines from internal machines:
============================
[r...@lba2 ~]# service iptables status
Table: mangle
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination

Table: nat
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  10.1.0.0/24          10.1.0.0/24
2    MASQUERADE all  --  10.1.0.0/24          0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    fail2ban-ProFTPD  tcp  --  0.0.0.0/0     0.0.0.0/0    tcp dpt:21
2    fail2ban-SSH      tcp  --  0.0.0.0/0     0.0.0.0/0    tcp dpt:22
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0    state RELATED,ESTABLISHED
5    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0    tcp dpt:22 state NEW
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0    tcp dpt:80 state NEW
8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0    tcp dpt:21 state NEW
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0    tcp dpt:20 state NEW
10   REJECT     all  --  0.0.0.0/0            0.0.0.0/0    reject-with icmp-net-unreachable

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain fail2ban-ProFTPD (1 references)
num  target     prot opt source               destination
1    RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-SSH (1 references)
num  target     prot opt source               destination
1    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
================================

This machine has external IPs:
100.100.100.1 (real)
100.100.100.3 (vip)

and internal IPs:
10.1.0.1 (real)
10.1.0.3 (vip)

and I am running internal servers with IPs:
10.1.0.10
10.1.0.20

So, all incoming connections on lba are forwarded with ip_vs to 10.1.0.10 and 10.1.0.20 with the round-robin option.

If I am accessing it from the outside world, everything is going fine, but from internal machines I cannot access the 100.100.100.3 IP.

Can you please help me with this issue and suggest a solution? I cannot understand where the problem may be: in the iptables configuration or somewhere else.

This option prevents some web services from accessing themselves via the resolved domain name, and because of this I am unable to launch some of the sites...

Thank you in advance!

--
BR,
George Machitidze
