Did some experimenting with my load balancer and mail server. Just to recap 
this is what I have:

Load Balancer:
interfaces
eth0 1.1.1.0(physical interface)

eth0:1 1.1.1.1(virtual IP)

eth1 2.2.2.0

1 L4xNAT farm using vip 1.1.1.1
protocol type tcp
nat type DNAT
weighted algorithm 
IP persistence 

backend server
2.2.2.1 gateway of 2.2.2.0(eth1 on LB)

The backend also has a second network interface, which is set up on a different 
subnet. If I uninstall this interface the Load Balancer farm works and a port 
scan will return all the ports that were specified. Now if I leave this 
interface installed and run a port scan no ports are returned. Any thoughts on 
why a second interface would cause this? I have tried binding the mail 
services to a specific IP and still have had no luck.

On Aug 28, 2014, at 9:37 AM, Laura Garcia <nev...@gmail.com> wrote:

> Analyze your connections with tcpdump and "netstat-nat -nD".
> Note that the external net is 1.1.0.0/21.
> Check that the connection from the backend to the client is not done through 
> an alternative route than the load balancer.
> 
> 
> 
> 
> On Thu, Aug 28, 2014 at 4:04 PM, Jon Hoffart <jon.hoff...@medoraco.com> wrote:
> I have two physical interfaces set up: eth0 and eth1
> 
> eth0 is set up as 1.1.1.0/21
> this interface also has one virtual ip eth0:0 1.1.1.1/21
> 
> eth1 is set up as 2.2.2.0/29 and has no virtual ip.
> this is programmed as the Gateway in the backend server.
> 
> 
> 
> On Aug 28, 2014, at 7:48 AM, Laura Garcia <nev...@gmail.com> wrote:
> 
> > Hi Jon, your farm is perfectly configured with 1 backend. What about the 
> > network configuration you've set in your zlb?
> >
> >
> > On Thu, Aug 28, 2014 at 3:08 PM, Jon Hoffart <jon.hoff...@medoraco.com> 
> > wrote:
> > netstat -L provides a result of invalid option — ‘L’
> >
> > Are you sure that the commands are netstat and not iptables? Iptables 
> > returns the following:
> >
> >
> > iptables -L -t nat
> >
> > Chain PREROUTING (policy ACCEPT)
> > target     prot opt source               destination
> > DNAT       tcp  --  anywhere             anywhere            mark match 
> > 0x200 recent: SET name: _mail_0x200_sessions side: source /*  FARM_mail_0_  
> > */ to:2.2.2.4
> >
> > Chain POSTROUTING (policy ACCEPT)
> > target     prot opt source               destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target     prot opt source               destination
> >
> >
> > iptables -L -t mangle
> >
> > Chain PREROUTING (policy ACCEPT)
> > target     prot opt source               destination
> > MARK       tcp  --  anywhere             1.1.1.1     statistic mode random 
> > probability 1.000000 multiport dports 
> > imap2,imaps,pop3,pop3s,smtp,ssmtp,submission,6099 /*  FARM_mail_0_  */ MARK 
> > set 0x200
> > MARK       tcp  --  anywhere             1.1.1.1     recent: CHECK seconds: 
> > 120 name: _mail_0x200_sessions side: source multiport dports 
> > imap2,imaps,pop3,pop3s,smtp,ssmtp,submission,6099 /*  FARM_mail_0_  */ MARK 
> > set 0x200
> >
> > Chain INPUT (policy ACCEPT)
> > target     prot opt source               destination
> >
> > Chain FORWARD (policy ACCEPT)
> > target     prot opt source               destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target     prot opt source               destination
> >
> > Chain POSTROUTING (policy ACCEPT)
> > target     prot opt source               destination
> >
> >
> >
> >
> >
> > On Aug 28, 2014, at 2:05 AM, Laura Garcia <nev...@gmail.com> wrote:
> >
> > > Hi Jon, could you please paste the output of the following commands?
> > >
> > > netstat -L -t nat
> > > netstat -L -t mangle
> > >
> > > Additionally, which version are you using?
> > >
> > > Regards
> > >
> > >
> > >
> > > On Wed, Aug 27, 2014 at 8:13 PM, Jon Hoffart <jon.hoff...@medoraco.com> 
> > > wrote:
> > > Alright here is what I have setup
> > >
> > > 1 L4xNAT farm with ip of 1.1.1.1
> > > protocol type tcp
> > > nat type DNAT
> > > load balance algorithm Weight
> > > persistence mode IP persistence
> > >
> > > 3 backend servers on a separate subnet
> > > 2.2.2.1
> > > 2.2.2.2
> > > 2.2.2.3
> > >
> > > gateways on these are set to 2.2.2.4 which is a second interface on my 
> > > load balancer.
> > >
> > > so something like this Client 1.1.1.100/21 —> ZEN 1.1.1.102/21 —> Server 
> > > 2.2.2.1/29
> > >
> > >
> > > On Aug 27, 2014, at 10:22 AM, Gruber Alexander 
> > > <alexander.gru...@az-druck.de> wrote:
> > >
> > > > Hi,
> > > >
> > > > we need a little bit more information.
> > > >
> > > > Backend servers on a different network/subnetwork? Like this?
> > > >
> > > > Client --192.168.0.0/24 --> ZEN -- 192.168.1.0/24 --> Server
> > > >
> > > >> On 27.08.2014 at 18:00, "Jon Hoffart" 
> > > >> <jon.hoff...@medoraco.com> wrote:
> > > >>
> > > >> Hello,
> > > >>   I currently have a L4xNAT farm set up to balance my mail servers. I 
> > > >> am trying to use DNAT so I can identify where traffic is coming from, 
> > > >> as NAT shows all traffic coming from the load balancer and not its 
> > > >> original source. My issue with DNAT is that when I set the farm to use 
> > > >> it I am unable to send or receive mail. I also tried running a port 
> > > >> scan on the farm's IP with DNAT enabled and it doesn’t return any open 
> > > >> ports. Any ideas on what may cause an issue like this?
> > > >>
> > > >> Yes, my backend servers have their gateway set to that of the load 
> > > >> balancer.
> > > >>
> > > >>
> > > >>
> > > >> This e-mail and any attachments may contain confidential material that 
> > > >> may not be disclosed, copied or distributed.  If you are not the 
> > > >> intended recipient(s), please contact the sender and delete all copies.
> > > >>
> > > >> ------------------------------------------------------------------------------
> > > >> Slashdot TV.
> > > >> Video for Nerds.  Stuff that matters.
> > > >> http://tv.slashdot.org/
> > > >> _______________________________________________
> > > >> Zenloadbalancer-support mailing list
> > > >> Zenloadbalancer-support@lists.sourceforge.net
> > > >> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
> > > >
> > >
> > >
> >
> >
> 
> 


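The check suggested in the thread (that the backend's replies to the client go back through the load balancer and not through another route) can be modelled offline; this is an added example, not part of the original messages. With DNAT the backend sees the real client address, so its reply follows the backend's own routing table, and the balancer can only rewrite that reply back to the virtual IP if the reply passes through it. The second subnet 10.0.0.0/24, its gateway 10.0.0.1, the route metrics and all function names are assumptions, since the thread does not say how the second interface is configured.

```python
import ipaddress

# Constructed `ip route show` output for a backend (2.2.2.1, load balancer at
# 2.2.2.4). The 10.0.0.0/24 subnet, its gateway and the metrics are assumed:
# the thread does not say how the second interface is configured.
ROUTES_TWO_NICS = """\
default via 10.0.0.1 dev eth1 metric 100
default via 2.2.2.4 dev eth0 metric 200
2.2.2.0/29 dev eth0 proto kernel scope link src 2.2.2.1
10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.5
"""
ROUTES_ONE_NIC = """\
default via 2.2.2.4 dev eth0
2.2.2.0/29 dev eth0 proto kernel scope link src 2.2.2.1
"""

def parse_routes(text):
    """Parse the simple `ip route show` lines above into dicts."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        opts = dict(zip(tok[1::2], tok[2::2]))  # keyword/value pairs
        routes.append({"net": net, "via": opts.get("via"), "dev": opts.get("dev"),
                       "metric": int(opts.get("metric", 0))})
    return routes

def reply_route(routes, client_ip):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    dst = ipaddress.ip_address(client_ip)
    matches = [r for r in routes if dst in r["net"]]
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]), default=None)

def dnat_return_path(routes_text, client_ip, lb_gateway):
    """Say whether the backend's reply to client_ip goes back via the balancer."""
    route = reply_route(parse_routes(routes_text), client_ip)
    if route is None:
        return "no route to client"
    if route["via"] == lb_gateway:
        return "ok"
    return f"asymmetric: reply leaves {route['dev']} via {route['via']}"

if __name__ == "__main__":
    for name, table in (("one NIC", ROUTES_ONE_NIC), ("two NICs", ROUTES_TWO_NICS)):
        print(name, "->", dnat_return_path(table, "1.1.1.100", "2.2.2.4"))
```

On a live backend, `ip route get <client address>` reports the same decision for the real routing table.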