
I'm facing a problem due to my lack of experience with routing. I need to configure the following (everything runs virtualized on my computer; if it works, I will move it to hardware):

[internet] ---- [DMZR]--/--[GATEWAY]---/---[LoadBalancer]---/---[BACKEND]

internet: 192.168.10.0/24
gateway: 10.10.10.0/29
Loadbalancer: 10.10.10.0/29 | 10.10.1.0/24
Backend: 10.10.1.0/24

The load balancer has 2 NICs, one on the same net as the gateway (10.10.10.0/29) and the other on the same net as the backend (10.10.1.0/24). From eth1 of the load balancer I can get internet. The problem is from the backend. I cannot even get to the gateway, but I can't reach the other side of the load balancer (10.10.10.2). Weird, very weird. I should say that yesterday I was using the IP 192.168.1.239 with gateway 192.168.1.2 on my host, and since I changed to 192.168.2.5 with gw 192.168.2.1 I can't get it to work again.

My config:

Host:

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0e:0c:85:6f:bf brd ff:ff:ff:ff:ff:ff
    inet6 fe80::20e:cff:fe85:6fbf/64 scope link 
       valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether 00:0e:0c:85:6f:bf brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.5/24 brd 192.168.10.255 scope global br0
    inet6 fe80::20e:cff:fe85:6fbf/64 scope link 
       valid_lft forever preferred_lft forever
4: dmzbr: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether fe:54:00:32:14:a7 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.1/29 brd 10.10.10.7 scope global dmzbr
    inet6 fe80::24f2:a2ff:fe69:6cdb/64 scope link 
       valid_lft forever preferred_lft forever
5: mzbr: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether fe:54:00:59:d7:d1 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::7cfd:aaff:fe31:45dd/64 scope link 
       valid_lft forever preferred_lft forever

iproute show host:

10.10.10.0/29 dev dmzbr  proto kernel  scope link  src 10.10.10.1 
10.10.1.0/24 via 10.10.10.1 dev dmzbr 
192.168.10.0/24 dev br0  proto kernel  scope link  src 192.168.10.5 
default via 192.168.10.1 dev br0 

iptables host

10.10.10.0/29 dev dmzbr  proto kernel  scope link  src 10.10.10.1 
10.10.1.0/24 via 10.10.10.1 dev dmzbr 
192.168.10.0/24 dev br0  proto kernel  scope link  src 192.168.10.5 
default via 192.168.10.1 dev br0 

iptables nat

Chain PREROUTING (policy ACCEPT 2206 packets, 439K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 3271 packets, 212K bytes)
 pkts bytes target     prot opt in     out     source               destination         
   86  5582 MASQUERADE  all  --  *      br0     10.10.10.0/29        0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 2816 packets, 179K bytes)
 pkts bytes target     prot opt in     out     source               destination         

config loadbalancer

auto lo eth0 eth1
iface lo inet loopback
iface eth0 inet static
        address         10.10.10.2
        netmask         255.255.255.248
        network         10.10.10.0
        broadcast       10.10.10.7
        gateway         10.10.10.1


iface eth1 inet static
        address         10.10.1.3
        netmask         255.255.255.0
        network         10.10.1.0
        broadcast       10.10.1.255
        gateway         10.10.1.3

ip route show

10.10.10.0/29 dev eth0  proto kernel  scope link  src 10.10.10.2 
192.168.10.0/24 via 10.10.10.1 dev eth0 
default via 10.10.10.1 dev eth0 

iptables -nvL

Chain INPUT (policy ACCEPT 22897 packets, 22M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  eth0   eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 15503 packets, 1443K bytes)
 pkts bytes target     prot opt in     out     source               destination         

iptables -t nat

Chain PREROUTING (policy ACCEPT 430 packets, 35328 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 2 packets, 168 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   59  3889 MASQUERADE  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 30 packets, 1976 bytes)
 pkts bytes target     prot opt in     out     source               destination         

config backend

iface eth0 inet static
        address         10.10.1.4
        netmask         255.255.255.0
        network         10.10.1.0
        broadcast       10.10.1.255
        gateway         10.10.1.3

ip route show

10.10.10.0/29 via 10.10.1.3 dev eth0
10.10.1.0/24 dev eth0 proto kernel scope link src 10.10.1.4
default via 10.10.1.3 dev eth0

iptables on filter nothing, all with policy accept

iptables on nat nothing all with policy accept.

Thanks guys!!!!!

PsySkeletor

1 Answer


Have you enabled IP forwarding on the load balancer?

cat /proc/sys/net/ipv4/ip_forward
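
The check suggested above, extended as an added example that is not part of the original answer: besides `ip_forward`, it confirms that the forwarding host has a connected route on every interface it is supposed to route between. `LB_ROUTES` is copied from the load balancer's `ip route show` output in the question; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. LB_ROUTES is the load balancer's routing table as pasted in
# the question; on a live router pass "$(ip route show)" instead.
LB_ROUTES='10.10.10.0/29 dev eth0  proto kernel  scope link  src 10.10.10.2
192.168.10.0/24 via 10.10.10.1 dev eth0
default via 10.10.10.1 dev eth0'

# forwarding_enabled [FILE]: succeeds only if the sysctl file contains "1".
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# has_connected_route ROUTES PREFIX DEV: succeeds if ROUTES contains a
# directly connected ("PREFIX dev DEV ...") entry, i.e. the NIC is up and addressed.
has_connected_route() {
    printf '%s\n' "$1" | awk -v p="$2" -v d="$3" '
        $1 == p && $2 == "dev" && $3 == d { found = 1 }
        END { exit !found }'
}

# check_router ROUTES FWD_FILE "PREFIX:DEV ...": prints each finding and
# returns the number of problems (0 means the host can forward between the nets).
check_router() {
    problems=0
    if ! forwarding_enabled "$2"; then
        echo "ip_forward is off (enable: sysctl -w net.ipv4.ip_forward=1)"
        problems=$((problems + 1))
    fi
    for pair in $3; do
        prefix=${pair%%:*}
        dev=${pair##*:}
        if ! has_connected_route "$1" "$prefix" "$dev"; then
            echo "no connected route for $prefix on $dev (interface down or unconfigured?)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Stand-alone run: local ip_forward value, the question's route table.
check_router "$LB_ROUTES" /proc/sys/net/ipv4/ip_forward \
    "10.10.10.0/29:eth0 10.10.1.0/24:eth1" || echo "problems found: $?"
```

Run against the pasted table, the script reports that 10.10.1.0/24 has no connected route on eth1, independent of the `ip_forward` setting.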