On Sat, 21 Mar 2009, Graeme Fowler wrote: > What you'll need to do is as follows: > > # /sbin/ip address add 10.9.3.6/32 dev eth0 > # /sbin/ipvsadm -A -t 10.9.3.6:80 -s rr > # /sbin/ipvsadm -a -t 10.9.3.6:80 -r 10.9.3.1:80 -w 100 -m > # /sbin/ipvsadm -a -t 10.9.3.6:80 -r 10.9.3.2:80 -w 100 -m > > That then gets you a very basic virtual server on 10.9.3.6:80/tcp which > has realservers on port 80/tcp on addresses 10.9.3.1 and 10.9.3.2, using > the "masquerade" method (LVS-NAT). The prerequisite for this is that the > realservers have a default gateway address pointing to the director, ie. > 10.9.3.6. > > Once you have this set up, you can try to access the VIP from a client > which is *not on the same LAN as the VIP or the realservers*. This is a > key point - the return traffic MUST go back via the director in LVS-NAT > or the SYN/AYN-ACK/ACK handshake will fail. > > Please try this and let us know how you get on.
Okay, I did that, and the result is -- improved? I think? I can see the HTTP request in the logs of one of the real servers. So the request gets that far. But the response apparently never reaches the client; curl just sits waiting until it finally times out. I _was_ testing from a different subnet. I can ping the client from the real servers, so at least some of the networking magic appears to be working fine. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
