> On Tue, 2010-05-04 at 15:48 +0200, Michiel van Es wrote:
>> I am trying iptables -F but then no connection is made to the real
>> server (server1).
>> I am afraid I only flush the filter table but not other tables... how can
>> I check this?
>> iptables -L -vn or with arptables?
>>
>
> Disclaimer: I have never used arptables. That said, why are you using
> arptables? I recall both your realservers are running CentOS 5.4 so
> setting the arp_ignore and arp_announce flags should be sufficient to
> handle the ARP problem.

I did not use it; it is being used in several howto's.
I removed the whole package to make sure it isn't used.

>
> Please post the bash script you're using to set up the loopback device
> etc. so I can take a look and maybe adjust it.

echo "0" >/proc/sys/net/ipv4/ip_forward
cat /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
/sbin/ifconfig lo:110 194.145.200.87 broadcast 194.145.200.87 netmask 0xffffffff up
/sbin/ifconfig lo:110
/sbin/route add -host 194.145.200.87 dev lo:110

I also run this script on server2 in exactly the same way.

>
> And since you're running CentOS, issuing:
>
> $ service iptables stop
>
> on all nodes should be enough to clear the firewall rules. Once you got
> your LVS setup working, add rules one at a time, while testing your
> setup and finally issue:
>
> $ service iptables save
>
> once you're satisfied, to save all active rules
> to /etc/sysconfig/iptables. But for now, let's not add firewall rules
> to further complicate things.

When I stop iptables or flush them, the reaction from the client is
different (as stated before).

With iptables on:

[r...@knox01 ~]# telnet 194.145.200.87 25
Trying 194.145.200.87...
telnet: connect to address 194.145.200.87: No route to host
telnet: Unable to connect to remote host: No route to host
[r...@knox01 ~]# telnet 194.145.200.87 25

With iptables off (service iptables stop) on server1:
(takes a long time)
Nothing happens:

r...@knox01 ~]# telnet 194.145.200.87 25
Trying 194.145.200.87...

Could I run some tcpdumps on the real servers and the LVS DR to check what is
going wrong?
I think something else is rerouting the packages wrong... but what is it?
The routes on both real servers are the same.
>
>
> Léon

Michiel

> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-requ...@linuxvirtualserver.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
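
Added example, not part of the original message or of the LVS project: a shell check for the ARP flags that the real-server script in this message writes (arp_ignore=1, arp_announce=2). It assumes the kernel applies the higher of conf/all and conf/<iface> for both flags; the function names and the ROOT argument (a /proc/sys-style tree) are this example's own.

```shell
#!/bin/sh
# Added example: verify the effective arp_ignore / arp_announce values on an
# LVS-DR real server. ROOT is a /proc/sys-style directory (assumption of this
# example) so the check also works on a copied or constructed tree.

# read_flag ROOT IFACE NAME -> prints the stored value, or "missing"
read_flag() {
    f="$1/net/ipv4/conf/$2/$3"
    if [ -r "$f" ]; then cat "$f"; else echo missing; fi
}

# effective_flag ROOT IFACE NAME -> max(conf/all, conf/IFACE), or "missing"
effective_flag() {
    a=$(read_flag "$1" all "$3")
    i=$(read_flag "$1" "$2" "$3")
    if [ "$a" = missing ] || [ "$i" = missing ]; then
        echo missing
        return
    fi
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# check_realserver_arp [ROOT] [IFACE] -> returns 0 only when the effective
# values match the ones the script in this thread sets.
check_realserver_arp() {
    root=${1:-/proc/sys}
    iface=${2:-eth0}
    rc=0
    for pair in arp_ignore:1 arp_announce:2; do
        name=${pair%%:*}
        want=${pair##*:}
        got=$(effective_flag "$root" "$iface" "$name")
        if [ "$got" = "$want" ]; then
            echo "OK   $name effective=$got"
        else
            echo "FAIL $name effective=$got expected=$want"
            rc=1
        fi
    done
    return $rc
}
```

On each real server, source the file and run `check_realserver_arp /proc/sys eth0`; a FAIL line shows which flag the setup script did not leave in effect.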