Hi Jay,

To make this work I have set up the following:


2 NICs in the load balancer, one in the DMZ network and one in the LAN network.

Our DMZ network is in our external IP range and the LAN network is in the IP 
range where the clients and realservers are.


For external clients:

I have set up an l4txnat farm on the DMZ VIP with the realservers on the LAN 
side (make sure the LAN realservers have their default gateways set to the VIP 
of the LAN side)


For internal clients:

I have set up a normal TCP farm on the LAN VIP with the same realservers on the 
LAN side.


Also, to get internet access on the realservers you have to set an extra 
netfilter entry on each load balancer in the cluster; you can read the necessary 
config in my previous question to the mailing list.


That should get you set up properly.



Kind regards,


Joey



From: Jay A. Rossignol
Sent: Wednesday, 23 October 2013 20:09
To: [email protected]

Hi Laura,

I don't understand why clients on the same subnet cannot access the l4txnat 
farm w/DNAT, here's why:
Given the network config I sent previously, if client1 (192.168.11.70) sends a 
request to the farm (192.168.11.20) then the load balancer forwards the request 
to backend web server site1 (192.168.11.21) using client1's IP address (DNAT).  
Site1 would then simply reply to client1 directly because they are on the same 
subnet, bypassing the load balancer, and all would be well.  However, the 
backend server never receives the request from the load balancer.  Why not?  Is 
this a bug or am I misunderstanding the process?

Thanks!

- Jay

> zenlb: 192.168.11.10/24 gw: 192.168.11.3
> l4txnat farm 'Site' ports 80,443 DNAT: 192.168.11.20/24
> site1, real backend server: 192.168.11.21/24  gw: 192.168.11.10
> client1: 192.168.11.70/24
> client2: 192.168.1.71/24
>
> Client1 cannot connect to farm 'Site' with either port 80 or port 443.
>  (tested via browser, curl, wget, telnet 80)
> Client2 can connect to farm 'Site' on both ports 80 and 443
>

----------------------------------------------------------------------

Message: 1
Date: Tue, 22 Oct 2013 08:34:04 +0200
From: Laura Garcia <[email protected]>
Subject: Re: [Zenloadbalancer-support] l4txnat multiple problems
 (Laura Garcia)
To: "[email protected]"
 <[email protected]>
Message-ID:
 <caf90-wgqycm-ztgxaj1ppdzoy59nqfqj_sfkgqc_yvfz8kg...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi, you have to reinstall from the ISO in order to get the 3.03.

Regarding your network design, DNAT requires isolating the backends
network from the clients network. Note that if they're in the same subnet,
they're never going to communicate through the gateway (load balancer
in this case).

Regards.


On Mon, Oct 21, 2013 at 8:57 PM, Jay A. Rossignol <[email protected]> wrote:

>
> Today's Topics:
>
>    1. l4txnat multiple problems (Jay A. Rossignol)
>    2. actions from the command line (Jay A. Rossignol)
>    3. Re: Combined Loadbalancing methods (Laura Garcia)
>    4. Re: actions from the command line (Emilio Campos)
>    5. Re: l4txnat multiple problems (Laura Garcia)
>
> -----------------------------
>
> Hi Laura,
>
> Re Stats and graphs, I have version 3.02 installed.  Is there a guide for
> applying the patch?  Can it be done with minimal downtime?
>
> Re network/load balancer setup:
> zenlb: 192.168.11.10/24 gw: 192.168.11.3
> l4txnat farm 'Site' ports 80,443 DNAT: 192.168.11.20/24
> site1, real backend server: 192.168.11.21/24  gw: 192.168.11.10
> client1: 192.168.11.70/24
> client2: 192.168.1.71/24
>
> Client1 cannot connect to farm 'Site' with either port 80 or port 443.
>  (tested via browser, curl, wget, telnet 80)
> Client2 can connect to farm 'Site' on both ports 80 and 443
>
> Thank you!
>
> - Jay
>
> Message: 5
> Date: Mon, 21 Oct 2013 18:57:35 +0200
> From: Laura Garcia <[email protected]>
> Subject: Re: [Zenloadbalancer-support] l4txnat multiple problems
> To: "[email protected]"
>         <[email protected]>
> Message-ID:
>         <CAF90-WjLNLYh1VrbDpfPk=ULz=xF27d+y=
> [email protected]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi, the l4 graphs are available since the new version 3.03.
>
> Please, write down your network design for the load balancer: network
> interfaces, IP for each one, backends IPs, etc.
>
> Regards.
>
>
>
> On Mon, Oct 21, 2013 at 5:58 PM, Jay A. Rossignol <[email protected]> wrote:
>
> > Hi there,
> >
> > I am new to Zen lb.  I am having multiple problems with l4txnat farms.
> >  Please let me know if you'd like me to send these one at a time.
> >
> > 1. I have an l4txnat farm servicing ports 80 and 443 using DNAT.  The web
> > servers use the load balancer's IP as their gateway.  Clients on the same
> > subnet as the load balancer cannot connect to the farm over ports 80 and
> > 443.  Clients on the same subnet CAN reach the load balancer and farm's
> > vip otherwise (ssh, ping).  Clients from other subnets are able to connect
> > to ports 80 and 443 of the farm perfectly.
> >
> > 2.  My l4txnat farms do not provide any statistics or graphs while my tcp
> > farms do.
> >
> > 3.  Ubuntu 10.04 servers cannot connect to l4txnat farms on ports 80 and
> > 443 regardless of subnet.  Ubuntu 11.04 and up can.  nmap of the farm's
> > vip shows the ports 80 and 443 as 'filtered' when done from a 10.04 server
> > while from a newer version of Ubuntu the ports are 'open'.  Regardless of
> > the Ubuntu version, tcp farms show up as 'open'.
> >
> > Thank you!
> >
> > - Jay
> >
> >



_______________________________________________
Zenloadbalancer-support mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
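
The return-path rule discussed in this thread (a backend answers an on-link client directly instead of through its gateway) can be checked against the posted addresses. This is an added example, not part of the original messages or of Zen Load Balancer; the function name, the `TOPOLOGY` dict and the "proxy" mode, a simplified stand-in for a TCP farm where the balancer opens its own connection to the backend, are assumptions.

```python
import ipaddress

def trace_reply(client, vip, backend_if, backend_gw, lb_ip, mode="dnat"):
    """Follow the backend's reply for one connection to the farm VIP.

    mode "dnat":  destination is rewritten, the backend sees the client's IP.
    mode "proxy": assumed model of a TCP farm; the load balancer opens its
                  own connection, so the backend sees lb_ip as the source.
    """
    backend = ipaddress.ip_interface(backend_if)
    seen_src = ipaddress.ip_address(lb_ip if mode == "proxy" else client)

    if seen_src == ipaddress.ip_address(lb_ip):
        path = "via-lb"            # reply is addressed to the balancer itself
    elif seen_src in backend.network:
        path = "direct"            # on-link destination: gateway is not used
    elif ipaddress.ip_address(backend_gw) == ipaddress.ip_address(lb_ip):
        path = "via-lb"            # off-link: routed through the balancer
    else:
        path = "via-other-gw"      # off-link, but the balancer is bypassed

    # Only the balancer can rewrite the reply's source back to the VIP.
    reply_src = vip if path == "via-lb" else str(backend.ip)
    return {"path": path, "reply_src": reply_src, "ok": reply_src == vip}

# Addresses taken from the thread's network description.
TOPOLOGY = dict(vip="192.168.11.20", backend_if="192.168.11.21/24",
                backend_gw="192.168.11.10", lb_ip="192.168.11.10")

if __name__ == "__main__":
    for name, ip in [("client1", "192.168.11.70"), ("client2", "192.168.1.71")]:
        for mode in ("dnat", "proxy"):
            print(name, mode, trace_reply(ip, mode=mode, **TOPOLOGY))
```

A result with `ok` set to false means the reply reaches the client with the backend's address as its source rather than the VIP the client connected to.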