iptables rules for lvs using piranha gui

0

I am trying to build an LVS system, where 202.141.81.239 is the virtual IP and 202.141.81.241 and 202.141.81.242 are the LVS routers. The system is working fine in our intranet but is not through the internet.

The following is my iptables configuration

# Generated by iptables-save v1.4.7 on Tue Mar 25 12:30:26 2014
*mangle
:PREROUTING ACCEPT [96:9901]
:INPUT ACCEPT [65:5340]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [48:3348]
:POSTROUTING ACCEPT [48:3348]
-A PREROUTING -d 202.141.81.239/32 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x50/0xffffffff
COMMIT
# Completed on Tue Mar 25 12:30:26 2014
redhat
lvs
piranha
asked on Server Fault Mar 25, 2014 by nilutpal_sundi • edited Mar 25, 2014 by MadHatter

1 Answer

0

It's quite difficult to know what is going on here with that information, but it depends on the routing method configured (NAT or Direct).

For example, if you are using the Direct method you should configure iptables as follows (Source). On each REAL SERVER:

iptables -t nat -A PREROUTING -p <tcp|udp> -d <vip> --dport <port> -j REDIRECT

If it works from the internal network but not from the external one, and the servers are using public IPs instead of private IPs, it could in fact be a firewall issue (do you have another firewall protecting your servers?). If not, please review iptables on all your servers (LVS routers and real servers).

It could also be a good idea to disable iptables and double-check (from the internal and the external network) just to see what happens. Maybe you are using arptables_jf instead of iptables to allow redirection...

If it still doesn't work, you can try using ARP tables instead of iptables for the Direct method (if you are actually using this method).

answered on Server Fault Mar 25, 2014 by slowhandsolo
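As an added example (not part of the question or the answer above), the following POSIX shell script puts the answer's advice into reviewable form: it emits the real-server REDIRECT rules for a VIP, emits the matching firewall-mark rules for the LVS routers, and checks an iptables-save dump for the mark rule of each service port. The mark-equals-port-in-hex convention (0x50 for port 80) is assumed from the rule shown in the question; the sample dump is constructed to mirror that rule. Nothing here touches a live firewall, the functions only produce or inspect rule text.

```shell
#!/bin/sh
# Added example, not code from the Server Fault post. Generates and checks
# iptables rule text for an LVS virtual IP; it never calls iptables itself.

# Real-server side (Direct Routing): deliver packets addressed to the VIP to
# the local socket, as in the answer's template.
# Usage: gen_realserver_rules VIP PROTO PORT [PORT...]
gen_realserver_rules() {
    vip=$1; proto=$2; shift 2
    for port in "$@"; do
        printf 'iptables -t nat -A PREROUTING -p %s -d %s --dport %s -j REDIRECT\n' \
            "$proto" "$vip" "$port"
    done
}

# LVS-router side: firewall-mark the VIP service so the virtual server can be
# defined on the mark (ipvsadm -f / the Piranha "firewall mark" field).
# Assumption: mark value = port number in hex, matching the question (0x50 = 80).
# Usage: gen_router_mark_rules VIP PROTO PORT [PORT...]
gen_router_mark_rules() {
    vip=$1; proto=$2; shift 2
    for port in "$@"; do
        mark=$(printf '0x%x' "$port")
        printf 'iptables -t mangle -A PREROUTING -d %s/32 -p %s -m %s --dport %s -j MARK --set-xmark %s/0xffffffff\n' \
            "$vip" "$proto" "$proto" "$port" "$mark"
    done
}

# Check an iptables-save dump on stdin for a MARK rule covering VIP:PORT.
# Returns 0 when present, 1 when missing. Usage: has_mark_rule VIP PORT < dump
has_mark_rule() {
    hv=$1; hp=$2
    grep -q -e "-A PREROUTING -d $hv/32 .*--dport $hp .*-j MARK"
}

# Report ports that have no mark rule for VIP in the dump on stdin.
# Prints "missing <port>" per gap; exit status 1 if any port is missing.
# Usage: missing_mark_rules VIP PORT [PORT...] < dump
missing_mark_rules() {
    mv_vip=$1; shift
    dump=$(cat)
    rc=0
    for p in "$@"; do
        if ! printf '%s\n' "$dump" | has_mark_rule "$mv_vip" "$p"; then
            echo "missing $p"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample dump (mangle table only), mirroring the question's ruleset.
sample_dump() {
    cat <<'EOF'
*mangle
:PREROUTING ACCEPT [96:9901]
:INPUT ACCEPT [65:5340]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [48:3348]
:POSTROUTING ACCEPT [48:3348]
-A PREROUTING -d 202.141.81.239/32 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x50/0xffffffff
COMMIT
EOF
}

# Demo: rules for HTTP and HTTPS on the VIP, then audit the sample dump,
# which only marks port 80 and so reports "missing 443".
gen_realserver_rules 202.141.81.239 tcp 80 443
gen_router_mark_rules 202.141.81.239 tcp 80 443
sample_dump | missing_mark_rules 202.141.81.239 80 443 || :
```

Run the audit against a real ruleset with `iptables-save | missing_mark_rules <vip> <ports>` on each LVS router; the generated lines are meant to be read and then applied by hand, with the REDIRECT rules going only on the real servers and only for Direct Routing, as the answer notes.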

User contributions licensed under CC BY-SA 3.0