Gerry Reno wrote:
> I have set up a stanza in keepalived.conf for SSH to use an alternate
> port. But whenever I try to ssh into the VIP on the alternate port I
> get a "No route to host". It looks like it gets to the director but it
> never gets to the real server. I see an immediate inactive connection
> in IPVS. All firewalls on both directors and real servers are down.
> keepalived is 1.1.13. All the other IPVS traffic is behaving correctly,
> 80, 8080, 443.
>
> ????
>
> Gerry
>
>
> =====================================================
> On a non-director machine:
> # ssh -p 33322 -v [EMAIL PROTECTED]
> OpenSSH_4.5p1, OpenSSL 0.9.8b 04 May 2006
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to 192.168.1.240 [192.168.1.240] port 33322.
> debug1: connect to address 192.168.1.240 port 33322: No route to host
> ssh: connect to host 192.168.1.240 port 33322: No route to host
>
>
> On director:
> # ipvsadm -ln
> IP Virtual Server version 1.2.1 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
>   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
> TCP  192.168.1.240:443 rr persistent 600
>   -> 192.168.1.201:443            Route   1      0          0
>   -> 192.168.1.200:443            Route   1      0          0
> TCP  192.168.1.240:33322 rr persistent 600
>   -> 192.168.1.26:22              Route   1      0          0
>   -> 192.168.1.25:22              Route   1      0          1
>
>
> keepalived.conf:
> ...
> virtual_server 192.168.1.240 33322 {
>     delay_loop 5
>     lb_algo rr
>     lb_kind DR
>     persistence_timeout 600
>     protocol TCP
>
>     real_server 192.168.1.25 22 {
>         weight 1
>         inhibit_on_failure
>         TCP_CHECK {
>             connect_port 22
>             connect_timeout 3
>             nb_get_retry 3
>             delay_before_retry 1
>         }
>     }
>     real_server 192.168.1.26 22 {
>         weight 1
>         inhibit_on_failure
>         TCP_CHECK {
>             connect_port 22
>             connect_timeout 3
>             nb_get_retry 3
>             delay_before_retry 1
>         }
>     }
> }
> ...
>
> master director:
> # ip addr show
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>     inet6 ::1/128 scope host
>        valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
>     link/ether 00:0c:29:a7:c7:33 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.1.150/24 brd 192.168.1.255 scope global eth0
>     inet 192.168.1.240/24 scope global secondary eth0
>     inet6 fe80::20c:29ff:fea7:c733/64 scope link
>        valid_lft forever preferred_lft forever
>
> backup director:
> # ip addr show
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>     inet 192.168.1.240/32 scope host lo
>     inet6 ::1/128 scope host
>        valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
>     link/ether 00:0c:29:54:ef:09 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.1.151/24 brd 192.168.1.255 scope global eth0
>     inet6 fe80::20c:29ff:fe54:ef09/64 scope link
>        valid_lft forever preferred_lft forever
>
> realservers:
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>     inet6 ::1/128 scope host
>        valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
>     link/ether 00:18:f8:0b:55:54 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.1.25/24 brd 192.168.1.255 scope global eth0
>     inet6 fe80::218:f8ff:fe0b:5554/64 scope link
>        valid_lft forever preferred_lft forever
>
>

I'm also seeing a lot of these in /var/log/secure:

Sep 19 23:22:12 grp-01-20-01 sshd[22408]: Did not receive identification string from 192.168.1.150
Sep 19 23:39:42 grp-01-20-01 sshd[22868]: Did not receive identification string from 192.168.1.150
Sep 19 23:39:47 grp-01-20-01 sshd[22871]: Did not receive identification string from 192.168.1.150

which I'm assuming is from TCP_CHECK

_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to [EMAIL PROTECTED]
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
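
With LVS direct routing or tunneling the director forwards the packet without rewriting it, and ipvsadm(8) requires the real-server port to equal the service port for those methods. The following is an added example, not part of the thread or of keepalived: a lint that flags stanzas like the quoted `33322` to `22` one. `find_port_mismatches` and `SAMPLE_CONF` are names made up here, and the sample is constructed from the post.

```python
import re

# Constructed sample: the stanza from the post (health checks omitted).
SAMPLE_CONF = """
virtual_server 192.168.1.240 33322 {
    lb_algo rr
    lb_kind DR
    protocol TCP
    real_server 192.168.1.25 22 {
        weight 1
    }
    real_server 192.168.1.26 22 {
        weight 1
    }
}
"""

VS_RE = re.compile(r"\s*virtual_server\s+([0-9A-Fa-f.:]+)\s+(\d+)\s*\{")
RS_RE = re.compile(r"\s*real_server\s+(\S+)\s+(\d+)\s*\{")
KIND_RE = re.compile(r"\s*lb_kind\s+(\S+)")


def find_port_mismatches(conf_text):
    """List (vip, vport, rip, rport, kind) for real servers whose port differs
    from the virtual service port under DR or TUN forwarding."""
    services, current = [], None
    for raw in conf_text.splitlines():
        line = re.split(r"[#!]", raw, maxsplit=1)[0]  # keepalived comments
        if line.lstrip().startswith("virtual_server"):
            m = VS_RE.match(line)
            # fwmark/group services have no address:port pair; skip them
            current = {"vip": m[1], "vport": int(m[2]), "kind": None,
                       "reals": []} if m else None
            if current:
                services.append(current)
        elif current is None:
            continue
        elif m := KIND_RE.match(line):
            current["kind"] = m[1].upper()
        elif m := RS_RE.match(line):
            current["reals"].append((m[1], int(m[2])))
    return [(s["vip"], s["vport"], rip, rport, s["kind"])
            for s in services if s["kind"] in ("DR", "TUN")
            for rip, rport in s["reals"] if rport != s["vport"]]


if __name__ == "__main__":
    for vip, vport, rip, rport, kind in find_port_mismatches(SAMPLE_CONF):
        print(f"{kind} service {vip}:{vport} -> {rip}:{rport}: port mismatch")
```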