On Fri, 3 Jul 2009, Olaf Krische wrote: > > (Seriously, i read the howto. Sorry if it seems i dont.)
OK. (Can you send only one posting instead of 3 each time please?) Sorry it's taken so long to see your problem. o you have two routers, one for the private network, one for the internet o to talk to the internet router you need a public IP. Since you don't have a public IP on the realserver, you can't talk to the internet router. I'm sure we must have had someone else with this problem before, but not often and anyhow I've forgotten all about it. > I have the realserver (192.168.2.xx) in the private > network. My default gateway for this network does NAT > only. OK > I can use the second interface (eth1) on the realserver, > setting on it an "internet" IP and changing the default > route to the "internet" router. Then i have a default > route to the client, which works perfectly. > > $ ip route add default via $router dev eth1 OK can you run a cable from the inside of the private network router to the inside of the internet router? (presumably not). Presumably then you could do this # route add net 192.168.2.0/32 dev eth0 # route add default gw $internet_router > But i dont want to do this, since i waste this exact IP plus the realserver > is reachable from the internet. yes exactly. > So i bring up eth1 without IP: > > $ ifconfig eth1 0 up > > And putting the VIP on lo:0: > > $ ifconfig lo:0 $VIP netmask 255.255.255.255 up > > And say, that all traffic shall go over eth1 in general: > > $ ip route add default dev eth1 > > This is not enough, what goes wrong? do you understand that for LVS-DR the packets go in one direction and that packets don't have to come back from the router? http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-DR.html#Pearthree You don't have to be able to ping the internet router (the internet router does have to receive the ping packets). > since it doesnt know yet, > that the traffic on eth1 shall go to $router. > > So i try this by "ip route", which does not work: > > $ ip route add default via $router dev eth1 > > But with the route command it works: > > $ route add default gw $router dev eth1 > > Now i have all what i want! And it works. great > I can even ping. nope, you should not be able to ping the internet router. > But i am not sure, if that is alright. If the LVS works, then it's good enough (but see the comment about the arp problem below). It doesn't have to be perfect. > Not that the router thinks now, that the VIP belongs to > the realserver and does not use the LoadBalancer anymore. > Mh. then you haven't solved the arp problem. > And what is weird now as well, when i watch the routing > table, that there it is written, what the "ip route" > actually denied me to do: > > $ ip route > ... > default via $router dev eth1 > default dev eth1 scope link > > But I can remove the rule: > > $ ip route del default via $router dev eth1 > > But i can not add it again with "ip route add", just with > "route add" as before. > > # not working: ip route add default via $router dev eth1 > # working: route add default gw $router dev eth1 > > Weird, weird, weird. mixing (ifconfig,route) with (ip...) winds up with strange things happening. In general (ip...) sees everything that (ifconfig, route) sees, but (ifconfig, route) doesn't know about most things that (ip....) does. The routing table sees it the way ip sees it. Joe -- Joseph Mack NA3T EME(B,D), FM05lw North Carolina jmack (at) wm7d (dot) net - azimuthal equidistant map generator at http://www.wm7d.net/azproj.shtml Homepage http://www.austintek.com/ It's GNU/Linux! _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
