Thank you Graeme - I will check it..
XUFENG - configurations and diagram attached...

All servers, including director are running apache and it's ok when accessing them from external addresses - everything works just great, only problem is that I cannot (yet) forward packets from active director to standby.

*Internal machine is realserver itself* - I want to access *external VIP of director* which forwards packets *to director itself and this realserver* too...

If director is forwarding packet to *localhost* - it's ok, but if it's forwarded to *any realserver* back - it's failed. I don't understand exactly how masquerading is working in this case and I guess that's where the problem is...

--
BR, George Machitidze

Any realserver:
[r...@real4 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.1.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1004 0 0 eth0
0.0.0.0 10.1.0.51 0.0.0.0 UG 0 0 0 eth0
[r...@real4 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:30:48:99:1E:B8
inet addr:10.1.0.4 Bcast:10.1.0.255 Mask:255.255.255.0
inet6 addr: fe80::230:48ff:fe99:1eb8/64 Scope:Link
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:463870195 errors:0 dropped:0 overruns:0 frame:0
TX packets:478407950 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2246925508 (2.0 GiB) TX bytes:3058506896 (2.8 GiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:9477 errors:0 dropped:0 overruns:0 frame:0
TX packets:9477 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:727761 (710.7 KiB) TX bytes:727761 (710.7 KiB)
[r...@real4 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[r...@acs4 ~]# curl http://100.100.100.3
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
[r...@acs4 ~]# curl http://100.100.100.3
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
[r...@acs4 ~]# curl http://100.100.100.3
^[[A
^[[A
^C
[r...@acs4 ~]# curl http://100.100.100.3
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
[r...@acs4 ~]# curl http://100.100.100.3
^C
[r...@acs4 ~]# curl http://100.100.100.3
^C

<<attachment: alva.png>>

Active LVS Director:
[r...@lvs2 ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 100.100.100.3:80 rr
-> 10.1.0.5:80 Masq 50 312 214
-> 10.1.0.4:80 Masq 50 263 230
-> 10.1.0.3:80 Masq 50 251 213
-> 127.0.0.1:80 Local 30 51 220
[r...@lvs2 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:30:48:99:1D:54
inet addr:100.100.100.2 Bcast:100.100.100.255 Mask:255.255.255.0
inet6 addr: fe80::230:48ff:fe99:1d54/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:58028143 errors:0 dropped:0 overruns:0 frame:0
TX packets:69775689 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:312195065 (297.7 MiB) TX bytes:4205741804 (3.9 GiB)
Memory:e8000000-e8020000
eth0:1 Link encap:Ethernet HWaddr 00:30:48:99:1D:54
inet addr:100.100.100.3 Bcast:100.100.100.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Memory:e8000000-e8020000
eth1 Link encap:Ethernet HWaddr 00:30:48:99:1D:55
inet addr:10.1.0.2 Bcast:10.1.0.255 Mask:255.255.255.0
inet6 addr: fe80::230:48ff:fe99:1d55/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:148200449 errors:0 dropped:0 overruns:0 frame:0
TX packets:118005147 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3363327746 (3.1 GiB) TX bytes:1392383626 (1.2 GiB)
Memory:e8200000-e8220000
eth1:1 Link encap:Ethernet HWaddr 00:30:48:99:1D:55
inet addr:10.1.0.51 Bcast:10.1.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Memory:e8200000-e8220000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:697605 errors:0 dropped:0 overruns:0 frame:0
TX packets:697605 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:140456084 (133.9 MiB) TX bytes:140456084 (133.9 MiB)
[r...@lvs2 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
100.100.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.1.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1
0.0.0.0 100.100.100.1 0.0.0.0 UG 0 0 0 eth0
[r...@lvs2 ~]# service iptables status
Table: mangle
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 10.1.0.0/24 10.1.0.0/24
2 MASQUERADE all -- 10.1.0.0/24 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW
7 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-net-unreachable
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
[r...@lvs2 ~]# netstat -anp|grep LISTEN|grep 80
tcp 0 0 :::80 :::* LISTEN 16093/httpd.worker
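Added example, not part of the original post: a small Python model of the reply path, built only from the realserver routing table and the ipvsadm listing shown above. It assumes every realserver routes like real4 and that a Masq (LVS-NAT) reply has to pass back through the director to get its source rewritten to the VIP; 203.0.113.10 is a constructed external client.

```python
import ipaddress

# Values copied from the post: real4's `route -n` and lvs2's `ipvsadm -L -n`.
# Assumption: every realserver has the same routing table as real4.
REALSERVER_ROUTES = [
    ("10.1.0.0/24", None),       # on-link via eth0
    ("169.254.0.0/16", None),    # on-link via eth0
    ("0.0.0.0/0", "10.1.0.51"),  # default gateway: director eth1:1
]
DIRECTOR_INSIDE_IP = "10.1.0.51"
IPVS_DESTINATIONS = [
    ("10.1.0.5", "Masq"), ("10.1.0.4", "Masq"),
    ("10.1.0.3", "Masq"), ("127.0.0.1", "Local"),
]

def next_hop(routes, dst):
    """Longest-prefix match; an on-link route returns dst itself."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        raise ValueError(f"no route to {dst}")
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw or dst

def reply_returns_via_director(client_ip, forward):
    """True if the reply to client_ip passes back through the director."""
    if forward == "Local":
        return True  # the director answers itself, there is no NAT to undo
    # Masq: the realserver's reply must be routed through the director
    return next_hop(REALSERVER_ROUTES, client_ip) == DIRECTOR_INSIDE_IP

def trace(client_ip):
    """Map each IPVS destination to whether its reply crosses the director."""
    return {dest: reply_returns_via_director(client_ip, fwd)
            for dest, fwd in IPVS_DESTINATIONS}

if __name__ == "__main__":
    # 203.0.113.10 is a constructed external client (documentation range).
    for client in ("203.0.113.10", "10.1.0.4"):
        for dest, ok in trace(client).items():
            print(f"client {client:>13} -> {dest:<10} "
                  f"{'ok' if ok else 'reply bypasses director'}")
```

For a client inside 10.1.0.0/24 the only destination whose reply still crosses the director is the Local one, because the realservers reach that client on-link instead of through 10.1.0.51.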
