[email protected] wrote:
> Send lvs-users mailing list submissions to
>     [email protected]
>
> To subscribe or unsubscribe via the World Wide Web, visit
>     http://lists.graemef.net/mailman/listinfo/lvs-users
> or, via email, send a message with subject or body 'help' to
>     [email protected]
>
> You can reach the person managing the list at
>     [email protected]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of lvs-users digest..."
>
> ------------------------------------------------------------------------
>
> Today's Topics:
>
>    1. Can't access Load Balancer IP on port 80 from behind the LB
>       (Charl Oswald Young)
>    2. Re: Can't access Load Balancer IP on port 80 from behind the
>       LB (Joseph Mack NA3T)
>    3. Re: Can't access Load Balancer IP on port 80 from behind the
>       LB (Graeme Fowler)
>    4. Re: Can't access Load Balancer IP on port 80 from behind the
>       LB (L.S. Keijser)
>
> ------------------------------------------------------------------------
>
> Subject: [lvs-users] Can't access Load Balancer IP on port 80 from behind the LB
> From: Charl Oswald Young <[email protected]>
> Date: Wed, 02 Jun 2010 17:24:20 +0200
> To: [email protected]
>
> Hi,
>
> My setup is as follows: I have a firewall which runs LVS and when port
> 80 traffic hits the Load Balancer (LB) IP it distributes to my two web
> servers (10.0.0.10 and 10.0.0.20) - pretty regular setup I assume.
>
> Now the problem I'm having is when trying to call a URL (for which the
> domain points to my LB IP) from behind the LB the request times out.
> Please note that I didn't set up this infrastructure, but inherited it
> and my knowledge of LVS is little.
>
> My LVS IP Table rules are:
>
> iptables -t raw -I PREROUTING -d 41.203.2.222 -p tcp --dport 80 -j NOTRACK
> iptables -t filter -I INPUT -d 41.203.2.222 -p tcp --dport 80 -j ACCEPT
> iptables -t filter -I OUTPUT -s 41.203.2.222 -p tcp --sport 80 -j ACCEPT
> iptables -t filter -I FORWARD -d 10.0.0.10/32 -p tcp --dport 80 -j ACCEPT
> iptables -t filter -I FORWARD -d 10.0.0.20/32 -p tcp --dport 80 -j ACCEPT
> iptables -t filter -I FORWARD -s 10.0.0.10/32 -p tcp --sport 80 -j ACCEPT
> iptables -t filter -I FORWARD -s 10.0.0.20/32 -p tcp --sport 80 -j ACCEPT
>
> My ldirectord.cf looks like:
>
> checktimeout=3
> checkinterval=1
> autoreload=yes
> quiescent=yes
>
> virtual=41.203.2.222:80
>         protocol=tcp
>         real=10.0.0.10:80 masq
>         real=10.0.0.20:80 masq
>         scheduler=lc
>         service=http
>
> Given the fact that `telnet 41.203.2.222 80` times out (only) from
> behind the LB I'm almost certain this is a routing issue, but I allow
> free flow of port 80 traffic in both directions in my Firehol config.
> ANY ideas or pointers on how to solve this would be greatly appreciated.
>
> Thanks,
> Charl
>
> ------------------------------------------------------------------------
>
> Subject: Re: [lvs-users] Can't access Load Balancer IP on port 80 from behind the LB
> From: Joseph Mack NA3T <[email protected]>
> Date: Wed, 2 Jun 2010 09:01:41 -0700 (PDT)
> To: "LinuxVirtualServer.org users mailing list." <[email protected]>
>
> On Wed, 2 Jun 2010, Charl Oswald Young wrote:
>
>> Now the problem I'm having is when trying to call a URL (for which the
>> domain points to my LB IP) from behind the LB the request times out.
>
> read the HOWTO about clients on realservers
>
> Joe
>
> ------------------------------------------------------------------------
>
> Subject: Re: [lvs-users] Can't access Load Balancer IP on port 80 from behind the LB
> From: Graeme Fowler <[email protected]>
> Date: Wed, 02 Jun 2010 20:12:12 +0100
> To: "LinuxVirtualServer.org users mailing list." <[email protected]>
>
> On Wed, 2010-06-02 at 09:01 -0700, Joseph Mack NA3T wrote:
>
>> read the HOWTO about clients on realservers
>>
>
> To flesh out Joe's comment, the short answer is: you can't.
>
> The longer answer is: you *might* be able to, but there is no guarantee
> that it will work at all. If it does, there's no guarantee it will
> continue to work.
>
> Feel free to read through the thread in the HOWTO that Joe mentioned and
> you'll get a handle on why it doesn't generally work.
>
> Graeme
>
> ------------------------------------------------------------------------
>
> Subject: Re: [lvs-users] Can't access Load Balancer IP on port 80 from behind the LB
> From: "L.S. Keijser" <[email protected]>
> Date: Thu, 03 Jun 2010 08:22:23 +0200
> To: "LinuxVirtualServer.org users mailing list." <[email protected]>
>
> On Wed, 2010-06-02 at 20:12 +0100, Graeme Fowler wrote:
>
>> On Wed, 2010-06-02 at 09:01 -0700, Joseph Mack NA3T wrote:
>>
>>> read the HOWTO about clients on realservers
>>>
>> To flesh out Joe's comment, the short answer is: you can't.
>>
>> The longer answer is: you *might* be able to, but there is no guarantee
>> that it will work at all. If it does, there's no guarantee it will
>> continue to work.
>>
>> Feel free to read through the thread in the HOWTO that Joe mentioned and
>> you'll get a handle on why it doesn't generally work.
>>
>
> If you don't have too many sites (apache vhosts) configured, you can add
> them to /etc/hosts on the realserver as the RIP or 127.0.0.1. That way a
> wget/curl/whatever started on the realserver will not go through the
> director.
>
> Léon
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> lvs-users mailing list
> [email protected]
> http://lists.graemef.net/mailman/listinfo/lvs-users
>

Thanks Léon!
Awesome workaround - should have thought of this myself :)

Cheers,
Charl

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - [email protected]
Send requests to [email protected]
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
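
Léon's /etc/hosts workaround as a script, added here as an example and not part of the original thread: it keeps one managed block of pinned vhost names at the top of a hosts file and lists every address a name maps to, so a leftover entry pointing at the VIP is visible. The marker strings, function names and www.example.test are constructed; 127.0.0.1 and 41.203.2.222 are the addresses from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Marker strings, function names and
# www.example.test are constructed; the addresses are the thread's.
BEGIN_MARK="# BEGIN lvs-local-vhosts"
END_MARK="# END lvs-local-vhosts"

# pin_vhosts FILE ADDR NAME...
# Rewrite FILE so it starts with exactly one managed block mapping each NAME
# to ADDR. Lines outside the block are kept; re-running changes nothing.
pin_vhosts() {
    file=$1; addr=$2; shift 2
    tmp=$(mktemp) || return 1
    {
        echo "$BEGIN_MARK"
        for name in "$@"; do printf '%s\t%s\n' "$addr" "$name"; done
        echo "$END_MARK"
        # Copy the old file, skipping any previous managed block.
        awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
            $0 == b { skip = 1; next }
            $0 == e { skip = 0; next }
            !skip   { print }
        ' "$file"
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"   # overwrite in place: keeps owner and mode
    rm -f "$tmp"
}

# addrs_for FILE NAME: print every address FILE maps NAME to, in file order.
# More than one line of output means an older entry (for example one pointing
# at the VIP) is still present and should be reviewed.
addrs_for() {
    awk -v n="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == n) { print $1; break } }
    ' "$1"
}

# Constructed sample: a realserver hosts file that still names the VIP.
demo=$(mktemp)
printf '127.0.0.1\tlocalhost\n41.203.2.222\twww.example.test\n' > "$demo"
pin_vhosts "$demo" 127.0.0.1 www.example.test
addrs_for "$demo" www.example.test
rm -f "$demo"
```

On a realserver the file argument would be /etc/hosts and the address either 127.0.0.1 or that server's own RIP, as in Léon's message.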
