Usually for MASQ/NAT mode the real server would be in a different subnet with the LVS server set as the default gateway.
If you want to do one-arm i.e. same subnet MASQ then the test client needs to be in a separate subnet OR you need to have special routing rules on the real (backend) server.

On 21 November 2016 at 18:26, Nick Leli <nicholasl...@gmail.com> wrote:
> Hi Everyone,
>
> I am trying to learn LVS and have created the setup below (better
> formatting at Server Fault
> http://serverfault.com/questions/816026/lvs-load-balancer-not-getting-response).
> The LVS setup seems correct, but it appears that the connections never
> make it to the real server, even though traffic is being sent from the
> director. I am under the impression that no iptables rules are required
> since the real server is added with masquerade. Is this incorrect? I have
> read through the HOWTO multiple times but am not clear on what is needed.
>
> **Director Host**
>
> root@ip-172-31-16-196:/home/ubuntu# cat /proc/sys/net/ipv4/ip_forward
> 1
>
> root@ip-172-31-16-196:/home/ubuntu# ifconfig
> eth0      Link encap:Ethernet  HWaddr 06:a0:5b:48:1b:f5
>           inet addr:172.31.16.196  Bcast:172.31.31.255  Mask:255.255.240.0
>           inet6 addr: fe80::4a0:5bff:fe48:1bf5/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:9001  Metric:1
>           RX packets:4211 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:3692 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:416625 (416.6 KB)  TX bytes:406446 (406.4 KB)
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:65536  Metric:1
>           RX packets:173 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:173 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1
>           RX bytes:12776 (12.7 KB)  TX bytes:12776 (12.7 KB)
>
> root@ip-172-31-16-196:/home/ubuntu# ipvsadm -Ln
> IP Virtual Server version 1.2.1 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
>   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
> TCP  172.31.16.196:80 rr
>   -> 172.31.16.195:80             Masq    1      0          0
>
> root@ip-172-31-16-196:/home/ubuntu# ipvsadm -Ln --stats
> IP Virtual Server version 1.2.1 (size=4096)
> Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
>   -> RemoteAddress:Port
> TCP  172.31.16.196:80                   23      122        0     6436        0
>   -> 172.31.16.195:80                   23      122        0     6436        0
>
> root@ip-172-31-16-196:/home/ubuntu# curl 172.31.16.195 -vv
> * Rebuilt URL to: 172.31.16.195/
> *   Trying 172.31.16.195...
> * Connected to 172.31.16.195 (172.31.16.195) port 80 (#0)
> > GET / HTTP/1.1
> > Host: 172.31.16.195
> > User-Agent: curl/7.47.0
> > Accept: */*
> >
> * HTTP 1.0, assume close after body
> < HTTP/1.0 200 OK
> < Server: SimpleHTTP/0.6 Python/2.7.12
> < Date: Mon, 21 Nov 2016 04:59:04 GMT
> < Content-type: text/html
> < Content-Length: 26
> < Last-Modified: Mon, 21 Nov 2016 00:58:21 GMT
> <
> From server 172.31.16.195
> * Closing connection 0
>
> # Show the public IP of this host
> root@ip-172-31-16-196:/home/ubuntu# wget http://ipinfo.io/ip -qO -
> 52.15.105.107
>
> **Backend Server**
>
> root@ip-172-31-16-195:/home/ubuntu# netstat -tnlp
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
> tcp        0      0 0.0.0.0:80      0.0.0.0:*         LISTEN   2444/python
> tcp        0      0 0.0.0.0:22      0.0.0.0:*         LISTEN   1221/sshd
> tcp6       0      0 :::22           :::*              LISTEN   1221/sshd
>
> root@ip-172-31-16-195:/home/ubuntu# iptables -L -t nat
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
>
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
>
> From Remote Client
>
> # Hitting the public IP
> $ curl -vvv http://52.15.105.107/
> *   Trying 52.15.105.107...
> * Connected to 52.15.105.107 (127.0.0.1) port 80 (#0)
> > GET / HTTP/1.1
> > Host: 52.15.105.107
> > User-Agent: curl/7.43.0
> > Accept: */*
> >
> < HTTP/1.1 504 Gateway Time-out
> < Server: ScanSafe
> < Mime-Version: 1.0
> < Date: Mon, 21 Nov 2016 05:40:50 GMT
> < Content-Type: text/html
> < Content-Length: 1664
> < X-ScanSafe-Error: ERR_CONNECT_FAIL 110
> < Keep-Alive: 60
> < Via: HTTP/1.1 proxy10829
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-requ...@linuxvirtualserver.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users

--
Regards,

Malcolm Turnbull.

Loadbalancer.org Ltd.
Phone: +44 (0)330 380 1064
http://www.loadbalancer.org/
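
Added example, not part of the original thread: a shell check for the symptom in the quoted `ipvsadm -Ln --stats` output (InPkts counted, OutPkts at 0) and for the condition the reply describes, that the real server's route back to the client has to pass through the director. The function names, the client address 203.0.113.10, the gateway 172.31.16.1 and the three `ip route get` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and route samples are constructed.

# Next hop from `ip route get <client-ip>` output taken on the real server.
# Prints "on-link" when there is no "via", i.e. the reply is sent directly.
next_hop() {
    printf '%s\n' "$1" | awk 'NR == 1 {
        for (i = 1; i < NF; i++) if ($i == "via") { print $(i + 1); found = 1 }
        if (!found) print "on-link"
    }'
}

# True only when replies to the client leave the real server via the director,
# which LVS-NAT (Masq) needs so the director can rewrite the source address.
replies_via_director() {    # $1 = `ip route get` output, $2 = director IP
    [ "$(next_hop "$1")" = "$2" ]
}

# Real servers in `ipvsadm -Ln --stats` output that received packets but sent
# none back through the director (InPkts > 0 and OutPkts == 0).
one_way_realservers() {
    printf '%s\n' "$1" |
        awk '$1 == "->" && $2 ~ /^[0-9]/ && $4 > 0 && $5 == 0 { print $2 }'
}

DIRECTOR=172.31.16.196
# Counters as posted in the thread.
STATS='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  172.31.16.196:80                   23      122        0     6436        0
  -> 172.31.16.195:80                   23      122        0     6436        0'
# Constructed routes: assumed subnet gateway, director as gateway, same-subnet client.
ROUTE_DEFAULT_GW='203.0.113.10 via 172.31.16.1 dev eth0 src 172.31.16.195'
ROUTE_VIA_DIRECTOR='203.0.113.10 via 172.31.16.196 dev eth0 src 172.31.16.195'
ROUTE_SAME_SUBNET='172.31.16.50 dev eth0 src 172.31.16.195'

echo "one-way real servers: $(one_way_realservers "$STATS")"
for route in "$ROUTE_DEFAULT_GW" "$ROUTE_VIA_DIRECTOR" "$ROUTE_SAME_SUBNET"; do
    if replies_via_director "$route" "$DIRECTOR"; then
        echo "OK      next hop $(next_hop "$route")"
    else
        echo "BYPASS  next hop $(next_hop "$route")"
    fi
done
```

On a live real server the first argument would be the output of `ip route get` for the test client's address, and the stats text would come from `ipvsadm -Ln --stats` on the director.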