Hi Everyone, I am trying to learn LVS and have created the setup below (better formatting at Server Fault http://serverfault.com/questions/816026/lvs-load-balancer-not-getting-response). The LVS setup seems correct, but it appears that the connections never make it to the real server, even though traffic is being sent from the director. I am under the impression that no iptables rules are required since the real server is added with masquerade. Is this incorrect? I have read through the HOWTO multiple times but am not clear on what is needed.

**Director Host**

```
root@ip-172-31-16-196:/home/ubuntu# cat /proc/sys/net/ipv4/ip_forward
1

root@ip-172-31-16-196:/home/ubuntu# ifconfig
eth0      Link encap:Ethernet  HWaddr 06:a0:5b:48:1b:f5
          inet addr:172.31.16.196  Bcast:172.31.31.255  Mask:255.255.240.0
          inet6 addr: fe80::4a0:5bff:fe48:1bf5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:9001  Metric:1
          RX packets:4211 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3692 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:416625 (416.6 KB)  TX bytes:406446 (406.4 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:173 errors:0 dropped:0 overruns:0 frame:0
          TX packets:173 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:12776 (12.7 KB)  TX bytes:12776 (12.7 KB)

root@ip-172-31-16-196:/home/ubuntu# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.31.16.196:80 rr
  -> 172.31.16.195:80             Masq    1      0          0

root@ip-172-31-16-196:/home/ubuntu# ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  172.31.16.196:80                   23      122        0     6436        0
  -> 172.31.16.195:80                   23      122        0     6436        0

root@ip-172-31-16-196:/home/ubuntu# curl 172.31.16.195 -vv
* Rebuilt URL to: 172.31.16.195/
*   Trying 172.31.16.195...
* Connected to 172.31.16.195 (172.31.16.195) port 80 (#0)
> GET / HTTP/1.1
> Host: 172.31.16.195
> User-Agent: curl/7.47.0
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Server: SimpleHTTP/0.6 Python/2.7.12
< Date: Mon, 21 Nov 2016 04:59:04 GMT
< Content-type: text/html
< Content-Length: 26
< Last-Modified: Mon, 21 Nov 2016 00:58:21 GMT
<
From server 172.31.16.195
* Closing connection 0

# Show the public IP of this host
root@ip-172-31-16-196:/home/ubuntu# wget http://ipinfo.io/ip -qO -
52.15.105.107
```

**Backend Server**

```
root@ip-172-31-16-195:/home/ubuntu# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2444/python
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1221/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1221/sshd

root@ip-172-31-16-195:/home/ubuntu# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
```

From Remote Client

```
# Hitting the public IP
$ curl -vvv http://52.15.105.107/
*   Trying 52.15.105.107...
* Connected to 52.15.105.107 (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> Host: 52.15.105.107
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 504 Gateway Time-out
< Server: ScanSafe
< Mime-Version: 1.0
< Date: Mon, 21 Nov 2016 05:40:50 GMT
< Content-Type: text/html
< Content-Length: 1664
< X-ScanSafe-Error: ERR_CONNECT_FAIL 110
< Keep-Alive: 60
< Via: HTTP/1.1 proxy10829
```

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-requ...@linuxvirtualserver.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
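
A check for the symptom visible in the `ipvsadm -Ln --stats` output above (InPkts counted, OutPkts at 0), as an added example that is not part of the original post. The function names and the script name `check.py` are illustrative; the sample text is the output copied from the post.

```python
import sys

# `ipvsadm -Ln --stats` output copied from the post above.
SAMPLE = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  172.31.16.196:80                   23      122        0     6436        0
  -> 172.31.16.195:80                   23      122        0     6436        0
"""

def _count(field):
    # Counters may carry a K/M/G/T suffix unless --exact is used; only
    # zero versus non-zero matters for this check, so the suffix is dropped.
    return int(field.rstrip("KMGT"))

def parse_stats(text):
    """Return [(virtual_service, real_server, in_pkts, out_pkts), ...]."""
    rows, service = [], None
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue                      # banner and "-> RemoteAddress:Port"
        try:
            in_pkts, out_pkts = _count(parts[3]), _count(parts[4])
        except ValueError:
            continue                      # column header row
        if parts[0] == "->":
            if service is not None:
                rows.append((service, parts[1], in_pkts, out_pkts))
        else:
            service = f"{parts[0]} {parts[1]}"
    return rows

def one_way_servers(rows):
    """Real servers whose InPkts counter is non-zero while OutPkts is zero."""
    return [(svc, rs, inp) for svc, rs, inp, out in rows if inp > 0 and out == 0]

if __name__ == "__main__":
    # Pipe live output in (ipvsadm -Ln --stats | python3 check.py) or run
    # with no piped input to use the sample from the post.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for svc, rs, inp in one_way_servers(parse_stats(text)):
        print(f"{svc} -> {rs}: {inp} packets in, 0 out")
```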