Configure it as Tunnel.

On Mon, Apr 4, 2016 at 2:50 PM, Aldo Sarmiento <a...@bigpurpledot.com> wrote:
> Hello,
>
> I'm pretty new to the LVS configuration world, but I hear great things. I
> am trying to setup a Director on a separate network than the Real Servers
> in a proof of concept scenario.
>
> The Director is on a private subnet & the Real Server will be using a
> public IP address. I followed the tutorial at
> http://www.ultramonkey.org/papers/lvs_tutorial/html/
>
> Anyhow, the whole config & tcp dumps here:
>
> ## LVS Machine
> root@lvs01:~# ipvsadm -L -n
> IP Virtual Server version 1.2.1 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
>   -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> TCP 172.20.10.6:80 wlc
>   -> 98.191.200.182:80 Tunnel 1 0 4
>
> root@lvs01:~# sysctl -a | grep ip_forward
> net.ipv4.ip_forward = 1
>
> root@lvs01:~# ifconfig
> eth0 Link encap:Ethernet HWaddr 08:00:27:2d:11:6c
>      inet addr:172.20.10.6 Bcast:172.20.10.15 Mask:255.255.255.240
>      inet6 addr: 2600:1012:b159:7dc6:a00:27ff:fe2d:116c/64 Scope:Global
>      inet6 addr: 2600:1012:b159:7dc6:2580:c3e0:7f22:90c8/64 Scope:Global
>      inet6 addr: fe80::a00:27ff:fe2d:116c/64 Scope:Link
>      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>      RX packets:2293 errors:0 dropped:0 overruns:0 frame:0
>      TX packets:1551 errors:0 dropped:0 overruns:0 carrier:0
>      collisions:0 txqueuelen:1000
>      RX bytes:478202 (478.2 KB) TX bytes:288698 (288.6 KB)
>      Interrupt:19 Base address:0xd020
>
> lo   Link encap:Local Loopback
>      inet addr:127.0.0.1 Mask:255.0.0.0
>      inet6 addr: ::1/128 Scope:Host
>      UP LOOPBACK RUNNING MTU:65536 Metric:1
>      RX packets:142 errors:0 dropped:0 overruns:0 frame:0
>      TX packets:142 errors:0 dropped:0 overruns:0 carrier:0
>      collisions:0 txqueuelen:0
>      RX bytes:11929 (11.9 KB) TX bytes:11929 (11.9 KB)
>
>
> ## Remote machine (behind router which is doing port forwarding from
> 98.191.200.182:80 -> 192.168.1.185:80)
>
> root@raspberrypi:/home/pi# ifconfig
> eth0 Link encap:Ethernet HWaddr b8:27:eb:ee:84:69
>      inet addr:192.168.1.185 Bcast:192.168.1.255 Mask:255.255.255.0
>      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>      RX packets:14597 errors:0 dropped:484 overruns:0 frame:0
>      TX packets:1797 errors:0 dropped:0 overruns:0 carrier:0
>      collisions:0 txqueuelen:1000
>      RX bytes:2921143 (2.7 MiB) TX bytes:301282 (294.2 KiB)
>
> lo   Link encap:Local Loopback
>      inet addr:127.0.0.1 Mask:255.0.0.0
>      UP LOOPBACK RUNNING MTU:65536 Metric:1
>      RX packets:447 errors:0 dropped:0 overruns:0 frame:0
>      TX packets:447 errors:0 dropped:0 overruns:0 carrier:0
>      collisions:0 txqueuelen:0
>      RX bytes:130401 (127.3 KiB) TX bytes:130401 (127.3 KiB)
>
> tunl0 Link encap:IPIP Tunnel HWaddr
>      inet addr:172.20.10.6 Mask:255.255.255.255
>      UP RUNNING NOARP MTU:1480 Metric:1
>      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>      collisions:0 txqueuelen:0
>      RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
>
> root@raspberrypi:/home/pi# cat /etc/sysctl.d/20-lvs-destination.conf
> net.ipv4.conf.lo.arp_ignore = 1
> net.ipv4.conf.lo.arp_announce = 2
> net.ipv4.conf.tunl0.arp_ignore = 1
> net.ipv4.conf.tunl0.arp_announce = 2
>
>
> ## TCP dump of LVS Machine when trying to visit 172.20.10.6 via browser
>
> root@lvs01:~# tcpdump -n -i eth0:1 port 80
> tcpdump: WARNING: eth0:1: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0:1, link-type EN10MB (Ethernet), capture size 65535 bytes
>
> 13:05:33.928612 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq 375168773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326362248 ecr 0,sackOK,eol], length 0
> 13:05:33.928664 IP 172.20.10.2.61642 > 172.20.10.6.80: Flags [S], seq 2628646146, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326362248 ecr 0,sackOK,eol], length 0
> 13:05:34.931978 IP 172.20.10.2.61642 > 172.20.10.6.80: Flags [S], seq 2628646146, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326363249 ecr 0,sackOK,eol], length 0
> 13:05:34.932031 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq 375168773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326363249 ecr 0,sackOK,eol], length 0
> 13:05:35.935326 IP 172.20.10.2.61642 > 172.20.10.6.80: Flags [S], seq 2628646146, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326364249 ecr 0,sackOK,eol], length 0
> 13:05:35.935376 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq 375168773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326364249 ecr 0,sackOK,eol], length 0
> 13:05:36.936083 IP 172.20.10.2.61642 > 172.20.10.6.80: Flags [S], seq 2628646146, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326365249 ecr 0,sackOK,eol], length 0
> 13:05:36.936122 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq 375168773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326365249 ecr 0,sackOK,eol], length 0
> 13:05:37.944178 IP 172.20.10.2.61642 > 172.20.10.6.80: Flags [S], seq 2628646146, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326366249 ecr 0,sackOK,eol], length 0
> 13:05:37.944217 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq 375168773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326366249 ecr 0,sackOK,eol], length 0
> 13:05:38.950484 IP 172.20.10.2.61642 > 172.20.10.6.80: Flags [S], seq 2628646146, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326367249 ecr 0,sackOK,eol], length 0
> 13:05:38.950524 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq 375168773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326367249 ecr 0,sackOK,eol], length 0
> 13:05:40.958163 IP 172.20.10.2.61642 > 172.20.10.6.80: Flags [S], seq 2628646146, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326369249 ecr 0,sackOK,eol], length 0
> 13:05:40.958204 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq 375168773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326369249 ecr 0,sackOK,eol], length 0
> 13:05:44.968782 IP 172.20.10.2.61642 > 172.20.10.6.80: Flags [S], seq 2628646146, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326373249 ecr 0,sackOK,eol], length 0
> 13:05:44.968822 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq 375168773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326373249 ecr 0,sackOK,eol], length 0
> 13:05:52.987716 IP 172.20.10.2.61642 > 172.20.10.6.80: Flags [S], seq 2628646146, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326381249 ecr 0,sackOK,eol], length 0
> 13:05:52.987755 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq 375168773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326381249 ecr 0,sackOK,eol], length 0
> 13:06:09.019087 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq 375168773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326397249 ecr 0,sackOK,eol], length 0
> 13:06:41.105497 IP 172.20.10.2.61642 > 172.20.10.6.80: Flags [S], seq 2628646146, win 65535, options [mss 1460,sackOK,eol], length 0
> 13:06:41.105539 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq 375168773, win 65535, options [mss 1460,sackOK,eol], length 0
> 13:06:49.683159 IP 172.20.10.2.61658 > 172.20.10.6.80: Flags [S], seq 2615143147, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326437805 ecr 0,sackOK,eol], length 0
> 13:06:49.933186 IP 172.20.10.2.61659 > 172.20.10.6.80: Flags [S], seq 2439157426, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326438055 ecr 0,sackOK,eol], length 0
> 13:06:50.684257 IP 172.20.10.2.61658 > 172.20.10.6.80: Flags [S], seq 2615143147, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326438805 ecr 0,sackOK,eol], length 0
> 13:06:50.934982 IP 172.20.10.2.61659 > 172.20.10.6.80: Flags [S], seq 2439157426, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326439055 ecr 0,sackOK,eol], length 0
> 13:06:51.685122 IP 172.20.10.2.61658 > 172.20.10.6.80: Flags [S], seq 2615143147, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326439805 ecr 0,sackOK,eol], length 0
> 13:06:51.936173 IP 172.20.10.2.61659 > 172.20.10.6.80: Flags [S], seq 2439157426, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326440055 ecr 0,sackOK,eol], length 0
> 13:06:52.687047 IP 172.20.10.2.61658 > 172.20.10.6.80: Flags [S], seq 2615143147, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326440805 ecr 0,sackOK,eol], length 0
> 13:06:52.938955 IP 172.20.10.2.61659 > 172.20.10.6.80: Flags [S], seq 2439157426, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326441055 ecr 0,sackOK,eol], length 0
> 13:06:53.692296 IP 172.20.10.2.61658 > 172.20.10.6.80: Flags [S], seq 2615143147, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326441805 ecr 0,sackOK,eol], length 0
> 13:06:53.944695 IP 172.20.10.2.61659 > 172.20.10.6.80: Flags [S], seq 2439157426, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326442055 ecr 0,sackOK,eol], length 0
> 13:06:54.698199 IP 172.20.10.2.61658 > 172.20.10.6.80: Flags [S], seq 2615143147, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326442805 ecr 0,sackOK,eol], length 0
> 13:06:54.948887 IP 172.20.10.2.61659 > 172.20.10.6.80: Flags [S], seq 2439157426, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326443055 ecr 0,sackOK,eol], length 0
> 13:06:56.712993 IP 172.20.10.2.61658 > 172.20.10.6.80: Flags [S], seq 2615143147, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326444805 ecr 0,sackOK,eol], length 0
> 13:06:56.964115 IP 172.20.10.2.61659 > 172.20.10.6.80: Flags [S], seq 2439157426, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1326445055 ecr 0,sackOK,eol], length 0
>
> *Aldo Sarmiento*
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-requ...@linuxvirtualserver.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users