Nick,

Take the iptables SNAT rule out for debugging purposes; it is not needed for load balancing via LVS (LVS handles its own NAT).

2009/9/2 Nick Couchman <[email protected]>

>
> The docs on the web site seem to be a little bit out of date, so I figured
> I'd hit the mailing list to try to find some help with my problem. First,
> here's what I'm trying to do:
> - I have a half-dozen Windows-based virtual machines (XEN) that I need to
> load-balance between. In the past, I've been using the direct route method,
> but I've run into some issues - some very strange behavior (like my IPVS
> director deciding to send out RSET packets to all of the clients at seemingly
> random intervals).
> - The IPVS director is also a Xen domU (VM), running SuSE Linux.
>
> Having had issues in the past with the DR method, I decided to try my luck at
> the NAT method. So, I enabled IP forwarding on my director:
> sysctl net.ipv4.ip_forward=1
>
> added a virtual IP address:
> ifconfig eth0:2 <virtual IP>
>
> added an iptables nat rule:
> iptables -t nat -A POSTROUTING -s 172.16.34.0/24 -j SNAT --to-source <virtual IP>
>
> and updated the IPVS service table:
> ipvsadm -A -t <virtual IP>:1234 -s wlc
> ipvsadm -a -t <virtual IP>:1234 -r 172.16.34.10:1234 -m -x 1
>
> Inside this particular Windows machine, I set the default route to the IP of
> the director (172.16.34.1). If I ping an IP address elsewhere on my
> network, packets appear to be routed correctly and a look at the output of
> "iptables -t nat -nvL" shows the packet counters for the rule I added in the
> POSTROUTING table incrementing properly. However, if I try to connect to the
> virtual IP address on the port 1234, the connection never gets established.
> A packet dump shows the traffic going from the source machine (my laptop) to
> the director, and then being passed on to the Windows machine. I also see
> return packets from the Windows machine go back to the IPVS director,
> however, after that they just get "lost" - the counters in iptables do not
> increment, nor do the packets ever show up on the outside interface. Is
> there something I'm doing wrong to get this setup to work? I'm following the
> configuration guide for the 2.4 kernel stuff from the linuxvirtualserver.org
> web site, since this is the closest I can find to current kernel versions.
>
> Thanks,
> Nick
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - [email protected]
> Send requests to [email protected]
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users

--
Regards,

Malcolm Turnbull.

Loadbalancer.org Ltd.
Phone: +44 (0)870 443 8779
http://www.loadbalancer.org/
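
A check for the overlap the reply points at, as an added example (not from the thread or the LVS project): it reads saved `iptables-save` and `ipvsadm -S -n` output and lists nat POSTROUTING SNAT/MASQUERADE rules whose source range covers a real server added with `-m`. The sample dumps are constructed from the commands in the post, with 192.0.2.10 standing in for `<virtual IP>`; the helper names are hypothetical and only IPv4 is handled.

```python
import ipaddress
import shlex

# Constructed sample dumps modelled on the post; 192.0.2.10 stands in for <virtual IP>.
IPTABLES_SAVE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.16.34.0/24 -j SNAT --to-source 192.0.2.10
-A POSTROUTING -s 10.9.0.0/16 -j MASQUERADE
COMMIT
"""
IPVSADM_SAVE = """\
-A -t 192.0.2.10:1234 -s wlc
-a -t 192.0.2.10:1234 -r 172.16.34.10:1234 -m -w 1
-a -t 192.0.2.10:1234 -r 172.16.35.10:1234 -g -w 1
"""

def _opt(tokens, flag):  # value following flag, or None if the flag is absent
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def nat_real_servers(ipvs_text):
    """IPs of real servers added with -m (masquerading, i.e. LVS-NAT)."""
    servers = []
    for line in ipvs_text.splitlines():
        t = shlex.split(line)
        if t[:1] == ["-a"] and "-m" in t and _opt(t, "-r"):
            servers.append(ipaddress.ip_address(_opt(t, "-r").rsplit(":", 1)[0]))
    return servers

def snat_rules(save_text):
    """(source network, rule text) for nat-table POSTROUTING SNAT/MASQUERADE rules."""
    rules, table = [], None
    for line in save_text.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()  # iptables-save marks each table as "*name"
        t = shlex.split(line)
        if (table == "nat" and t[:2] == ["-A", "POSTROUTING"]
                and _opt(t, "-j") in ("SNAT", "MASQUERADE")):
            src = _opt(t, "-s") or "0.0.0.0/0"  # no -s means any source
            rules.append((ipaddress.ip_network(src, strict=False), line))
    return rules

def overlaps(save_text, ipvs_text):
    """(real server, rule) pairs where a NAT rule's source covers an LVS-NAT server."""
    return [(str(ip), rule) for ip in nat_real_servers(ipvs_text)
            for net, rule in snat_rules(save_text) if ip in net]

if __name__ == "__main__":
    print(overlaps(IPTABLES_SAVE, IPVSADM_SAVE))
```

On a director, pass it the text of `iptables-save` and `ipvsadm -S -n` in place of the two constructed samples.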
