Good Afternoon,
I have successfully implemented a L4DNAT farm in Zen with
the following configuration:
Load balancer:
Eth0: 10.12.10.60 (Management IP)
Eth1: 10.13.10.60 (Backend Gateway)
Eth1:0 10.12.10.160 (Virtual IP)
Default GW 10.12.10.1
Farm Configuration:
L4
TCP,
DNAT,
Weight,
No Persistence,
VIP 10.12.10.160,
Ports Open (8,22,80,443)
Back Ends:
10.13.10.63
Eth0 10.12.10.63
Eth1 10.13.10.63
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.13.10.0      *               255.255.255.0   U     0      0        0 eth1
10.12.10.0      *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         10.13.10.60     0.0.0.0         UG    0      0        0 eth1
10.13.10.64
Eth0 10.12.10.64
Eth1 12.13.10.64
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.13.10.0      *               255.255.255.0   U     0      0        0 eth1
10.12.10.0      *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         10.13.10.60     0.0.0.0         UG    0      0        0 eth1
10.13.10.66
Eth0 10.12.10.66
Eth1 10.13.10.66
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.13.10.0      *               255.255.255.0   U     0      0        0 eth1
10.12.10.0      *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         10.13.10.60     0.0.0.0         UG    0      0        0 eth1
All expected traffic is forwarded through the load balancer to the back
end web servers and they can contact any resources they require on various
subnets and can even access resources across our VPN tunnel back to HQ.
In order to allow these back end machines to communicate with the internet
I had to modify the zlb-start file on the load balancer to include the
following entry:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Here is my difficulty. I am unable to ssh to those machines across the
VPN anymore. I had a TAC case opened with Cisco and we show that the packets
are traversing the ASA fine. The client is somehow resetting the
connections to these ports. Additionally, my PRTG network monitoring for
these hosts no longer works. Does anyone have any insight as to what
might be causing this issue?
Kind Regards,
Tom Trantham
-----Original Message-----
From: Cerrie Russell [mailto:[email protected]]
Sent: Tuesday, March 04, 2014 5:11 PM
To: [email protected]
Subject: [Zenloadbalancer-support] No option to add real server IP to HTTP
profile
Hi all,
When selecting HTTP as the farm profile there is no option for:
1. NO Edit real IP servers configuration > how do you add the real
servers?
2. NO persistence session
Screen Shot: http://pasteboard.co/17YrPJTG.png
I think all the docs and YouTube vids are old.
Can someone please help with adding a farm for 2x SSL web servers?
Should I use TCP or HTTP?
Many Thanks.
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
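
Added example, not part of the original messages: a check of which interface a back end uses to answer a host across the VPN, computed from the routing table posted for 10.13.10.63. The client address 192.0.2.10 and the assumption that the SSH connection arrives on eth0 are constructed for illustration.

```python
import ipaddress

# Routing table as posted for back end 10.13.10.63 (`route` output, lines rejoined).
ROUTE_OUTPUT = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.13.10.0      *               255.255.255.0   U     0      0        0 eth1
10.12.10.0      *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         10.13.10.60     0.0.0.0         UG    0      0        0 eth1
"""

def parse_routes(text):
    """Parse `route` output into (network, gateway or None, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        net = ipaddress.ip_network(f"{dest}/{f[2]}")
        gw = None if f[1] in ("*", "0.0.0.0") else f[1]
        routes.append((net, gw, f[7]))
    return routes

def lookup(routes, dst):
    """Longest-prefix match for dst; returns (gateway, iface)."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None, None
    _, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return gw, iface

def return_path(routes, client_ip, ingress_iface):
    """Where a reply to client_ip leaves, and whether that differs from ingress."""
    gw, iface = lookup(routes, client_ip)
    return {"gateway": gw, "iface": iface, "asymmetric": iface != ingress_iface}

if __name__ == "__main__":
    routes = parse_routes(ROUTE_OUTPUT)
    # 192.0.2.10 is a constructed stand-in for a host across the VPN.
    print(return_path(routes, "192.0.2.10", "eth0"))
    # An on-link neighbour on 10.12.10.0/24 for comparison.
    print(return_path(routes, "10.12.10.1", "eth0"))
```

For an off-subnet client the reply leaves eth1 towards 10.13.10.60, so it passes through the load balancer (the host carrying the MASQUERADE rule on eth0) rather than going back out the interface the request arrived on.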