Thanks! I also saw this discussion which seemed a bit closer, but I'm unfamiliar with policy routing: http://archive.linuxvirtualserver.org/html/lvs-users/2003-10/msg00034.html
Jacoby

On Fri, Jan 17, 2014 at 11:17 AM, Malcolm Turnbull <malc...@loadbalancer.org> wrote:

> Jacoby,
>
> iptables will work on a different physical server, but does not work
> on the director node. This is due to the way that LVS interacts with
> netfilter.
>
> More discussion here....
> http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.rewrite_ports.html
>
> If you need port re-direction you could use HAProxy instead (but it's
> not transparent).
>
> On 17 January 2014 18:54, Jacoby Hickerson <hickerso...@gmail.com> wrote:
> > Thanks Malcolm for the response. That is how it is set up, the real server
> > is the same as the director node for one of the nodes. Even if connecting
> > to only the primary node while all others are offline it does not work.
> >
> > I noticed that if I use xinetd forwarding it works, but that's not what I
> > want to use. I wonder why iptables wouldn't be able to work, if there is a
> > method using iptables that'd be great.
> >
> > Jacoby
> >
> > On Thu, Jan 16, 2014 at 11:41 PM, Malcolm Turnbull <malc...@loadbalancer.org> wrote:
> >
> >> Jacoby,
> >>
> >> You could put the iptables rules on each real server instead? (which
> >> would do the same trick.)
> >> LVS is on the INPUT chain so it's very hard to use iptables rules like
> >> this on the director node.
> >> There may be a way, I just don't know of it.
> >>
> >> On 17 January 2014 01:27, Jacoby Hickerson <hickerso...@gmail.com> wrote:
> >> > I've searched Google and this mailing list but haven't quite seen the
> >> > same configuration and/or setup as mine.
> >> >
> >> > The ldirectord documentation states that port mapping on the same server
> >> > where the director resides is not possible other than masq, however it
> >> > says "non-fwmark". My setup is using fwmark, however, when trying to port
> >> > map from port 80 to another port, the client connection hangs. Here are
> >> > the exact details of my setup:
> >> >
> >> > The VIP is on the same box as the director and RIP 172.17.0.16. This
> >> > setup works fine when no port mapping is being done, but I need to move
> >> > the port to something higher than 1024.
> >> >
> >> > virtual=172.17.0.24:80
> >> >         real=172.17.0.16:50000 gate 100
> >> >         real=172.17.0.17:50000 gate 100
> >> >         service=http
> >> >         scheduler=rr
> >> >         protocol=tcp
> >> >         checktype=connect
> >> >         fwmark=100
> >> >
> >> > iptables:
> >> > iptables -t mangle -A PREROUTING -d 172.17.0.24/32 ! -i lo -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x64/0xffffffff
> >> > iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 50000
> >> > iptables -t nat -A OUTPUT -o lo -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 50000
> >> >
> >> > Issue:
> >> > curl -v 'http://172.17.0.24'
> >> > * About to connect() to 172.17.0.24 port 80 (#0)
> >> > *   Trying 172.17.0.24...
> >> >
> >> > 00:41:44.503581 IP 172.17.0.2.46099 > 172.17.0.24.80: Flags [S], seq 1066084928, win 14600, options [mss 1460,sackOK,TS val 2520815062 ecr 0,nop,wscale 7], length 0
> >> > 00:41:44.503581 IP 172.17.0.2.46099 > 172.17.0.24.80: Flags [S], seq 1066084928, win 14600, options [mss 1460,sackOK,TS val 2520815062 ecr 0,nop,wscale 7], length 0
> >> > 00:41:44.503658 IP 172.17.0.16.50000 > 172.17.0.2.46099: Flags [S.], seq 824291086, ack 1066084929, win 14480, options [mss 1460,sackOK,TS val 9521949 ecr 2520815062,nop,wscale 7], length 0
> >> > 00:41:44.503663 IP 172.17.0.16.50000 > 172.17.0.2.46099: Flags [S.], seq 824291086, ack 1066084929, win 14480, options [mss 1460,sackOK,TS val 9521949 ecr 2520815062,nop,wscale 7], length 0
> >> >
> >> > So the problem I'm having is that the source IP is not being translated
> >> > by iptables but sent via LVS as the RIP. Is there a kernel option,
> >> > iptables option or ipvsadm option that would allow it to change it back
> >> > to the VIP?
> >> >
> >> > Any help would be very appreciated!
> >> >
> >> > Jacoby
> >> > _______________________________________________
> >> > Please read the documentation before posting - it's available at:
> >> > http://www.linuxvirtualserver.org/
> >> >
> >> > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> >> > Send requests to lvs-users-requ...@linuxvirtualserver.org
> >> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> >>
> >> --
> >> Regards,
> >>
> >> Malcolm Turnbull.
> >>
> >> Loadbalancer.org Ltd.
> >> Phone: +44 (0)870 443 8779
> >> http://www.loadbalancer.org/
>
> --
> Regards,
>
> Malcolm Turnbull.
>
> Loadbalancer.org Ltd.
> Phone: +44 (0)870 443 8779
> http://www.loadbalancer.org/
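
The capture quoted in the thread shows the symptom directly: the client's SYN goes to the VIP on port 80, but the SYN-ACK comes back from the RIP on port 50000, so the client cannot match the reply to its connection attempt. As an added example (not part of the original thread), this Python script flags such replies in tcpdump text output; the function name and the second, healthy sample are constructed for illustration.

```python
import re

# tcpdump text line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): "
                  r"Flags \[([^\]]+)\]")

def find_mismatched_synacks(lines):
    """Return (client, expected_src, actual_src) for every SYN-ACK that does
    not come from the address and port the client's SYN was sent to."""
    pending = {}    # client (ip, port) -> endpoints it has sent a SYN to
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        src = (m.group(1), int(m.group(2)))
        dst = (m.group(3), int(m.group(4)))
        flags = m.group(5)
        if flags == "S":                      # client opens a connection
            pending.setdefault(src, set()).add(dst)
        elif flags == "S.":                   # reply to an earlier SYN
            wanted = pending.get(dst)
            if wanted and src not in wanted:
                for expected in sorted(wanted):
                    item = (dst, expected, src)
                    if item not in findings:  # capture may list packets twice
                        findings.append(item)
    return findings

# The two distinct packets from the capture in the thread (each appears twice there).
SYN = ("00:41:44.503581 IP 172.17.0.2.46099 > 172.17.0.24.80: Flags [S], seq "
       "1066084928, win 14600, options [mss 1460,sackOK,TS val 2520815062 ecr "
       "0,nop,wscale 7], length 0")
SYNACK = ("00:41:44.503658 IP 172.17.0.16.50000 > 172.17.0.2.46099: Flags [S.], seq "
          "824291086, ack 1066084929, win 14480, options [mss 1460,sackOK,TS val "
          "9521949 ecr 2520815062,nop,wscale 7], length 0")
THREAD_CAPTURE = [SYN, SYN, SYNACK, SYNACK]

# Constructed contrast case: the reply carries the VIP and port 80 as its source.
HEALTHY_CAPTURE = [
    "00:00:01.000000 IP 172.17.0.2.46100 > 172.17.0.24.80: Flags [S], seq 1, length 0",
    "00:00:01.000100 IP 172.17.0.24.80 > 172.17.0.2.46100: Flags [S.], seq 9, ack 2, length 0",
]

if __name__ == "__main__":
    for client, expected, actual in find_mismatched_synacks(THREAD_CAPTURE):
        print(f"{client}: SYN sent to {expected}, SYN-ACK arrived from {actual}")
```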