I have configured LVS on CentOS using the Piranha tool. I am using the VIP of the internal network as the gateway for the real servers. We have two NICs, one having the external IP and the other for the internal network, which is on the 192.168.3.0/24 network.
But I am not able to connect from the client; it shows a connection refused error.
Please suggest iptables rules for the private and public networks to communicate. Maybe I am missing this. The iptables rules that we have added are:
iptables -t nat -A POSTROUTING -p tcp -s 192.168.3.0/24 --sport 5000 -j MASQUERADE
This is my ifconfig:
eth0 Link encap:Ethernet HWaddr 00:00:E8:F6:74:DA
inet addr:122.166.233.133 Bcast:122.166.233.255 Mask:255.255.255.0
inet6 addr: fe80::200:e8ff:fef6:74da/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:94433 errors:0 dropped:0 overruns:0 frame:0
TX packets:130966 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9469972 (9.0 MiB) TX bytes:19929308 (19.0 MiB)
Interrupt:16 Base address:0x2000
eth0:1 Link encap:Ethernet HWaddr 00:00:E8:F6:74:DA
inet addr:122.166.233.136 Bcast:122.166.233.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Base address:0x2000
eth1 Link encap:Ethernet HWaddr 00:E0:20:14:F9:2D
inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
inet6 addr: fe80::2e0:20ff:fe14:f92d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:123718 errors:0 dropped:0 overruns:0 frame:0
TX packets:148856 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:18738556 (17.8 MiB) TX bytes:11697153 (11.1 MiB)
Interrupt:17 Memory:60000400-600004ff
eth1:1 Link encap:Ethernet HWaddr 00:E0:20:14:F9:2D
inet addr:192.168.3.10 Bcast:192.168.3.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:17 Memory:60000400-600004ff
eth2 Link encap:Ethernet HWaddr 00:16:76:6E:D1:D2
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:21 Base address:0xa500
and the ipvsadm -ln command output:
[root@abts-kk-static-133 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 122.166.233.136:5000 wlc
TCP 122.166.233.136:5004 wlc
LVS server routing table:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
122.166.233.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1004 0 0 eth1
0.0.0.0 122.166.233.1 0.0.0.0 UG 0 0 0 eth0
real 1
real 2
We have configured various ports from 5000:5008.
Do we need to add this iptables rule for all ports?
Please suggest how I should solve this issue.
Best Answer
First, you need to decide what type of LVS you want: NAT, TUN, or DR.
You appear to want NAT so you'll need -m options to ipvsadm for your real servers.
A test piranha config is available here:
http://www.linuxvirtualserver.org/docs/ha/piranha.html
Rather than manually configuring the NAT with your own iptables rule, you let ipvsadm do the NAT for you. Delete your iptables rule, and for that matter, delete the aliased interfaces you specify above ending in :1. That will greatly simplify things and get you on the right track.
Make sure the default gateway on your real servers is 192.168.3.1. From the Director, try pinging each of your real servers and also try telnetting to the LVS port(s), which look to be 5000/5004. If all that is working, go back to your client and try telnetting to 5000/5004 on your VIP.
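The answer's diagnosis can be checked mechanically: the ipvsadm -ln output in the question lists the two virtual services (:5000 and :5004) with no "->" real server rows under them, so the Director has nowhere to forward a connection and the client sees a refusal. The script below is an added example, not code from the question, the answer or the Piranha/LVS project. It parses ipvsadm -ln text, reports every virtual service with no real servers, and prints the ipvsadm -a ... -m command that would attach a NAT (masquerading) real server to it. The sample text is a constructed copy of the question's output plus a second constructed sample with one real server already added; REAL_SERVER_IP is a placeholder because the question does not give the real servers' addresses.

```shell
#!/bin/sh
# Added example: find LVS virtual services that have no real servers and show
# the NAT-mode ipvsadm command that would fix each one.

# Constructed copy of the question's `ipvsadm -ln` output (offline sample input).
SAMPLE_IPVS='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  122.166.233.136:5000 wlc
TCP  122.166.233.136:5004 wlc'

# Second constructed sample: :5000 has a NAT (Masq) real server, :5004 still has none.
SAMPLE_IPVS_PARTIAL='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  122.166.233.136:5000 wlc
  -> 192.168.3.11:5000            Masq    1      0          0
TCP  122.166.233.136:5004 wlc'

# empty_services: read `ipvsadm -ln` text on stdin and print "PROTO VIP:PORT"
# for every virtual service that has no "->" real server row beneath it.
empty_services() {
    awk '
        # A service header line starts with TCP or UDP followed by VIP:port.
        /^(TCP|UDP)[ \t]/ {
            if (svc != "" && reals == 0) print svc
            svc = $1 " " $2; reals = 0; next
        }
        # Real server rows start with "->". The column header
        # "-> RemoteAddress:Port" appears before any service and is ignored.
        /^[ \t]*->/ { if (svc != "") reals++ }
        END { if (svc != "" && reals == 0) print svc }
    '
}

# count_empty: number of virtual services in the given text that lack real servers.
count_empty() {
    printf '%s\n' "$1" | empty_services | wc -l | tr -d ' '
}

# nat_fix_commands: the ipvsadm command that attaches a masquerading (-m, NAT mode)
# real server with weight 1 to the given VIP:port. REAL_SERVER_IP is a placeholder.
nat_fix_commands() {
    vip_port="$1"
    echo "ipvsadm -a -t $vip_port -r REAL_SERVER_IP:${vip_port##*:} -m -w 1"
}

# Demonstration on the constructed sample (printing only; the functions above
# return the checkable results).
echo "virtual services with no real servers:"
printf '%s\n' "$SAMPLE_IPVS" | empty_services | while read -r proto vipport; do
    echo "  $proto $vipport  -> would need: $(nat_fix_commands "$vipport")"
done
```

On a live Director the same check is `ipvsadm -ln | empty_services`; an empty result means every virtual service has at least one real server, and the "Forward" column should read Masq for NAT mode. The printed `-m` command is the piece the answer refers to: without a masquerading real server entry per service, the separate POSTROUTING MASQUERADE rule from the question does nothing for inbound client connections.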