To add clarification I cannot SSH into these machines over their 10.12.10.x address over the VPN tunnel. It is obviously futile to attempt to SSH into them on the 10.13.10.x address.
-----Original Message----- From: Tom Trantham [mailto:[email protected]] Sent: Tuesday, March 04, 2014 5:32 PM To: '[email protected]' Subject: RE: [Zenloadbalancer-support] No option to add real server IP to HTTP profile Good Afternoon, I have successfully implemented a L4DNAT farm in Zen with the following configuration: Load balancer: Eth0: 10.12.10.60 (Management IP) Eth1 10.13.10.60 (Backend Gateway) Eth1:0 10.12.10.160 (Virtual IP) Default GW 10.12.10.1 Farm Configuration: L4 TCP, DNAT, Weight, No Persistence, VIP 10.12.10.160, Ports Open (8,22,80,443) Back Ends: 10.13.10.63 Eth0 10.12.10.63 Eth1 10.13.10.63 Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.13.10.0 * 255.255.255.0 U 0 0 0 eth1 10.12.10.0 * 255.255.255.0 U 0 0 0 eth0 169.254.0.0 * 255.255.0.0 U 0 0 0 eth1 default 10.13.10.60 0.0.0.0 UG 0 0 0 eth1 10.13.10.64 Eth0 10.12.10.64 Eth1 12.13.10.64 Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.13.10.0 * 255.255.255.0 U 0 0 0 eth1 10.12.10.0 * 255.255.255.0 U 0 0 0 eth0 169.254.0.0 * 255.255.0.0 U 0 0 0 eth1 default 10.13.10.60 0.0.0.0 UG 0 0 0 eth1 10.13.10.66 Eth0 10.12.10.66 Eth1 10.13.10.66 Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.13.10.0 * 255.255.255.0 U 0 0 0 eth1 10.12.10.0 * 255.255.255.0 U 0 0 0 eth0 169.254.0.0 * 255.255.0.0 U 0 0 0 eth1 default 10.13.10.60 0.0.0.0 UG 0 0 0 eth1 All expected traffic is forwarded through the load balancer to the back end web servers and they can contact any resources they require on various subnets and can even access resources across our VPN tunnel back to HQ. In order to allow these back end machines to communicate with the internet I had to modify the zlb-start file on the load balancer to include the following entry: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE Here is my difficulty. I am unable to ssh to those machines across the VPN anymore. I had a TAC case opened Cisco and we show that the packets are traversing the ASA fine. The client is somehow resetting the connections to these ports. Additionally my PRTG network monitoring for these hosts no longer works. Does anyone have any insight as to what might be causing this issue? Kind Regards, Tom Trantham -----Original Message----- From: Cerrie Russell [mailto:[email protected]] Sent: Tuesday, March 04, 2014 5:11 PM To: [email protected] Subject: [Zenloadbalancer-support] No option to add real server IP to HTTP profile Hi all, When selecting HTTP as the farm profile there is no option for: 1. NO Edit real IP servers configuration > how do you add the real servers? 2. NO persistence session Screen Shot: http://pasteboard.co/17YrPJTG.png I think all the docs and youtube vids are old. Can some one please help with adding a farm for 2x SSL web servers? Should I use TCP or HTTP? Many Thanks. -------------------------------------------------------------------------- ---- Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce. With Perforce, you get hassle-free workflows. Merge that actually works. Faster operations. Version large binaries. Built-in WAN optimization and the freedom to use Git, Perforce or both. Make the move to Perforce. http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clkt rk _______________________________________________ Zenloadbalancer-support mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support ------------------------------------------------------------------------------ Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce. With Perforce, you get hassle-free workflows. Merge that actually works. Faster operations. Version large binaries. Built-in WAN optimization and the freedom to use Git, Perforce or both. Make the move to Perforce. http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk _______________________________________________ Zenloadbalancer-support mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
