Has your second interface the same network configured, or is the default gateway configured on this interface?
> On 02.09.2014 at 19:03, "Jon Hoffart" <[email protected]> wrote:
>
> Did some experimenting with my load balancer and mail server. Just to recap
> this is what I have:
>
> Load Balancer:
> interfaces
> eth0 1.1.1.0(physical interface)
>
> eth0:1 1.1.1.1(virtual IP)
>
> eth1 2.2.2.0
>
> 1 L4xNAT farm using vip 1.1.1.1
> protocol type tcp
> nat type DNAT
> weighted algorithm
> IP persistence
>
> backend server
> 2.2.2.1 gateway of 2.2.2.0(eth1 on LB)
>
> The backend also has a second network interface, which is set up on a
> different subnet. If I uninstall this interface the Load Balancer farm works
> and a port scan will return all the ports that were specified. Now if I
> leave this interface installed and run a port scan no ports are returned. Any
> thoughts on why a second interface would cause this? I have tried binding
> the mail services to a specific IP and still have had no luck.
>
>> On Aug 28, 2014, at 9:37 AM, Laura Garcia <[email protected]> wrote:
>>
>> Analyze your connections with tcpdump and "netstat-nat -nD".
>> Note that the external net is 1.1.0.0/21.
>> Check that the connection from the backend to the client is not done through
>> an alternative route than the load balancer.
>>
>>
>> On Thu, Aug 28, 2014 at 4:04 PM, Jon Hoffart <[email protected]>
>> wrote:
>> I have two physical interfaces set up: eth0 and eth1
>>
>> eth0 is set up as 1.1.1.0/21
>> this interface also has one virtual ip eth0:0 1.1.1.1/21
>>
>> eth1 is set up as 2.2.2.0/29 and has no virtual ip.
>> this is programmed as the Gateway in the backend server.
>>
>>
>>> On Aug 28, 2014, at 7:48 AM, Laura Garcia <[email protected]> wrote:
>>>
>>> Hi Jon, your farm is perfectly configured with 1 backend. What about the
>>> network configuration you've set in your zlb?
>>>
>>>
>>> On Thu, Aug 28, 2014 at 3:08 PM, Jon Hoffart <[email protected]>
>>> wrote:
>>> netstat -L provides a result of invalid option — ‘L’
>>>
>>> are you sure that the commands are netstat and not iptables? Iptables
>>> returns the following
>>>
>>>
>>> iptables -L -t nat
>>>
>>> Chain PREROUTING (policy ACCEPT)
>>> target prot opt source destination
>>> DNAT tcp -- anywhere anywhere mark match
>>> 0x200 recent: SET name: _mail_0x200_sessions side: source /* FARM_mail_0_
>>> */ to:2.2.2.4
>>>
>>> Chain POSTROUTING (policy ACCEPT)
>>> target prot opt source destination
>>>
>>> Chain OUTPUT (policy ACCEPT)
>>> target prot opt source destination
>>>
>>>
>>> iptables -L -t mangle
>>>
>>> Chain PREROUTING (policy ACCEPT)
>>> target prot opt source destination
>>> MARK tcp -- anywhere 1.1.1.1 statistic mode random
>>> probability 1.000000 multiport dports
>>> imap2,imaps,pop3,pop3s,smtp,ssmtp,submission,6099 /* FARM_mail_0_ */ MARK
>>> set 0x200
>>> MARK tcp -- anywhere 1.1.1.1 recent: CHECK seconds:
>>> 120 name: _mail_0x200_sessions side: source multiport dports
>>> imap2,imaps,pop3,pop3s,smtp,ssmtp,submission,6099 /* FARM_mail_0_ */ MARK
>>> set 0x200
>>>
>>> Chain INPUT (policy ACCEPT)
>>> target prot opt source destination
>>>
>>> Chain FORWARD (policy ACCEPT)
>>> target prot opt source destination
>>>
>>> Chain OUTPUT (policy ACCEPT)
>>> target prot opt source destination
>>>
>>> Chain POSTROUTING (policy ACCEPT)
>>> target prot opt source destination
>>>
>>>
>>>> On Aug 28, 2014, at 2:05 AM, Laura Garcia <[email protected]> wrote:
>>>>
>>>> Hi Jon, could you please paste the output of the following commands?
>>>>
>>>> netstat -L -t nat
>>>> netstat -L -t mangle
>>>>
>>>> Additionally, which version are you using?
>>>>
>>>> Regards
>>>>
>>>>
>>>> On Wed, Aug 27, 2014 at 8:13 PM, Jon Hoffart <[email protected]>
>>>> wrote:
>>>> Alright here is what I have set up
>>>>
>>>> 1 L4xNAT farm with ip of 1.1.1.1
>>>> protocol type tcp
>>>> nat type DNAT
>>>> load balance algorithm Weight
>>>> persistence mode IP persistence
>>>>
>>>> 3 backend servers on a separate subnet
>>>> 2.2.2.1
>>>> 2.2.2.2
>>>> 2.2.2.3
>>>>
>>>> gateways on these are set to 2.2.2.4 which is a second interface on my
>>>> load balancer.
>>>>
>>>> so something like this Client 1.1.1.100/21 —> ZEN 1.1.1.102/21 —> Server
>>>> 2.2.2.1/29
>>>>
>>>>
>>>>> On Aug 27, 2014, at 10:22 AM, Gruber Alexander
>>>>> <[email protected]> wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> we need a little bit more information.
>>>>>
>>>>> Backend servers on a different network/sub network? Like this?
>>>>>
>>>>> Client --192.168.0.0/24 --> ZEN -- 192.168.1.0/24 --> Server
>>>>>
>>>>>> On 27.08.2014 at 18:00, "Jon Hoffart" <[email protected]> wrote:
>>>>>>
>>>>>> Hello,
>>>>>> I currently have a L4xNAT farm set up to balance my mail servers. I am
>>>>>> trying to use DNAT so I can identify where traffic is coming from, as NAT
>>>>>> shows all traffic coming from the load balancer and not its original
>>>>>> source. My issue with DNAT is that when I set the farm to use it I am
>>>>>> unable to send or receive mail. I also tried running a port scan on the
>>>>>> farm's IP with DNAT enabled and it doesn’t return any open ports. Any
>>>>>> ideas on what may cause an issue like this?
>>>>>>
>>>>>> Yes my backend servers have their gateway set to that of the load
>>>>>> balancer.
>>>>>>
>>>>>>
>>>>>> This e-mail and any attachments may contain confidential material that
>>>>>> may not be disclosed, copied or distributed. If you are not the
>>>>>> intended recipient(s), please contact the sender and delete all copies.
>>>>>>
>>>>>> ------------------------------------------------------------------------------
>>>>>> Slashdot TV.
>>>>>> Video for Nerds. Stuff that matters.
>>>>>> http://tv.slashdot.org/
>>>>>> _______________________________________________
>>>>>> Zenloadbalancer-support mailing list
>>>>>> [email protected]
>>>>>> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
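
An added example, not part of the thread or of Zen Load Balancer: it models the return-path check suggested above by parsing a backend's `ip route show` output and testing whether a reply to the client is handed back to the load balancer, which DNAT needs so that the reply's source is rewritten back to the virtual IP. The routing tables are constructed, and the 192.0.2.0/24 network standing in for the second interface, like the function names, is an assumption.

```python
import ipaddress

# Constructed `ip route show` output from a backend with two interfaces.
# 2.2.2.4 is the load balancer's second interface as given in the thread;
# 192.0.2.0/24 and its gateway are made-up stand-ins for the other subnet.
ROUTES_TWO_NICS = """\
default via 192.0.2.1 dev eth1
2.2.2.0/29 dev eth0 proto kernel scope link src 2.2.2.1
192.0.2.0/24 dev eth1 proto kernel scope link src 192.0.2.10
"""
# Constructed table for the same backend with the second interface removed.
ROUTES_ONE_NIC = """\
default via 2.2.2.4 dev eth0
2.2.2.0/29 dev eth0 proto kernel scope link src 2.2.2.1
"""

def parse_routes(text):
    """Return [(network, gateway_or_None, device)] from `ip route show` lines."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        net = "0.0.0.0/0" if f[0] == "default" else f[0]
        gw = f[f.index("via") + 1] if "via" in f else None
        dev = f[f.index("dev") + 1] if "dev" in f else None
        routes.append((ipaddress.ip_network(net, strict=False), gw, dev))
    return routes

def next_hop(routes, dst):
    """Longest-prefix match over the table (route metrics are ignored)."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in routes if dst in r[0]]
    if not hits:
        return None
    _, gw, dev = max(hits, key=lambda r: r[0].prefixlen)
    return gw, dev

def reply_returns_via_lb(route_text, client_ip, lb_ip):
    """True if the backend forwards its reply to client_ip to the balancer."""
    hop = next_hop(parse_routes(route_text), client_ip)
    return hop is not None and hop[0] == lb_ip

if __name__ == "__main__":
    tables = (("two NICs", ROUTES_TWO_NICS), ("one NIC", ROUTES_ONE_NIC))
    for name, table in tables:
        ok = reply_returns_via_lb(table, "1.1.1.100", "2.2.2.4")
        print(f"{name}: reply to client goes via LB = {ok}")
```

On a live backend, `ip route get <client address>` reports the next hop the kernel actually selects, including any policy-routing rules this model leaves out.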
