I am trying to bulid an lvs system, where 220.127.116.11 is the virtual IP and 18.104.22.168 and 22.214.171.124 are the lvs routers.Ths system is working fine in our intranet but is not through internet.
The following is my iptables configuration
# Generated by iptables-save v1.4.7 on Tue Mar 25 12:30:26 2014 *mangle :PREROUTING ACCEPT [96:9901] :INPUT ACCEPT [65:5340] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [48:3348] :POSTROUTING ACCEPT [48:3348] -A PREROUTING -d 126.96.36.199/32 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x50/0xffffffff COMMIT # Completed on Tue Mar 25 12:30:26 2014
It's quite difficult to know what is going on here with that information, but it depends on the routing method configured (NAT or Direct).
For example, if you are using Direct Method you should configure iptables as follows. (Source). On each REAL SERVER:
iptables -t nat -A PREROUTING -p <tcp|udp> -d <vip> --dport <port> -j REDIRECT
If it works from the internal network but not from the external one, but the servers are using public IPs instead of private IPs, in fact, could be a firewall issue (do you have another firewall protecting your servers?). If not, please review iptables for all your servers (LVS routers and real servers).
Could be a good idea, also, disabling iptables and double checking (from the internal and the external network) just to see what happens. Maybe you are using arptables_jf instead of iptables to allow redirection...
If it still doesn't work, you can try using ARP tables instead of iptables for Direct Method (if you are actually using this method).
User contributions licensed under CC BY-SA 3.0