
I am trying to build an LVS system, where 202.141.81.239 is the virtual IP and 202.141.81.241 and 202.141.81.242 are the LVS routers. The system is working fine in our intranet but is not working through the internet.

The following is my iptables configuration:

# Generated by iptables-save v1.4.7 on Tue Mar 25 12:30:26 2014
*mangle
:PREROUTING ACCEPT [96:9901]
:INPUT ACCEPT [65:5340]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [48:3348]
:POSTROUTING ACCEPT [48:3348]
-A PREROUTING -d 202.141.81.239/32 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x50/0xffffffff
COMMIT
# Completed on Tue Mar 25 12:30:26 2014
  • You might have to be a **lot** more specific about "*not working fine*" before we can help. For preference, **show** us what you tried and what doesn't work; don't just **tell** us. – MadHatter Mar 25 '14 at 09:21
  • It means it is not working from outside... actually we get a reply from the gateway, we even get a reply from the virtual IP... I have tried all trial-and-error methods... but I am not sure where the problem actually is.... I think it's in the iptables.. – nilutpal_sundi Mar 25 '14 at 12:04

1 Answer


It's quite difficult to know what is going on here with that information, but it depends on the routing method configured (NAT or Direct Routing).

For example, if you are using the Direct Routing method, you should configure iptables as follows (Source). On each real server:

iptables -t nat -A PREROUTING -p <tcp|udp> -d <vip> --dport <port> -j REDIRECT

If it works from the internal network but not from the external one, and the servers are using public IPs rather than private IPs, it could in fact be a firewall issue (do you have another firewall protecting your servers?). If not, please review iptables on all your servers (LVS routers and real servers).

It could also be a good idea to disable iptables and double-check (from both the internal and the external network) just to see what happens. Maybe you are using arptables_jf instead of iptables to allow redirection...

If it still doesn't work, you can try using arptables instead of iptables for the Direct Routing method (if you are actually using this method).
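Pulling the pieces above together, here is an added example (not code from the question or the answer) of what a complete Direct Routing setup looks like on both sides, written so it can be inspected as a dry run before anything is applied. It takes the addresses the question gives (VIP 202.141.81.239, directors .241 and .242) and the `MARK --set-xmark 0x50` rule from the question's mangle table, and feeds that mark to IPVS as a firewall-mark virtual service; the real-server addresses (202.141.81.243 and .244), the interface name eth0, the assumption that the real servers sit on the same L2 segment as the VIP (a Direct Routing requirement), and the `DRY_RUN`/`run` wrapper are mine for illustration. The real-server half shows both the REDIRECT rule from the answer and the arptables alternative it mentions, plus the diagnostic commands a responder would want (rule counters and the IPVS connection table) to see whether packets from the internet ever reach the MARK rule.

```shell
#!/bin/sh
# Added example, not part of the original Q&A. LVS Direct Routing with a
# firewall-mark virtual service. VIP and director addresses come from the
# question; real-server addresses, eth0 and the DRY_RUN wrapper are assumed.

VIP=202.141.81.239
VPORT=80
FWMARK=0x50                          # the question's --set-xmark value
RIPS="202.141.81.243 202.141.81.244" # assumed real servers (same L2 as VIP)
IFACE=eth0                           # assumed interface on every host

# ipvsadm takes the mark in decimal: 0x50 is 80 (the same number as the
# port here, but it is a mark, not a port).
fwmark_decimal() { echo "$(( $1 ))"; }

# Director: mark VIP:80 traffic in mangle/PREROUTING (as in the question),
# then create the IPVS service by mark and add the real servers with
# -g (gatewaying = Direct Routing).
director_rules() {
    mark=$(fwmark_decimal "$FWMARK")
    echo "iptables -t mangle -A PREROUTING -d $VIP/32 -p tcp --dport $VPORT -j MARK --set-xmark $FWMARK/0xffffffff"
    echo "ipvsadm -A -f $mark -s rr"
    for rip in $RIPS; do
        echo "ipvsadm -a -f $mark -r $rip -g"
    done
}

# Real server, variant A (the answer's REDIRECT trick): a packet that
# arrives addressed to the VIP is redirected to the local socket, and
# conntrack puts the VIP back as the source of the reply.
realserver_rules_redirect() {
    echo "iptables -t nat -A PREROUTING -p tcp -d $VIP --dport $VPORT -j REDIRECT"
}

# Real server, variant B (arptables, as mentioned in the answer): hold the
# VIP locally but never answer ARP for it and never advertise it, so only
# the director's MAC is ever associated with the VIP on the segment.
# $1 is this real server's own address.
realserver_rules_arptables() {
    rip=$1
    echo "ip addr add $VIP/32 dev lo"
    echo "arptables -A IN -d $VIP -j DROP"
    echo "arptables -A OUT -s $VIP -j mangle --mangle-ip-s $rip"
}

# What to look at when "it does not work from outside": do the MARK rule
# counters move for external clients, and does IPVS see the connections?
director_checks() {
    echo "iptables -t mangle -L PREROUTING -v -n"
    echo "ipvsadm -L -n"
    echo "ipvsadm -L -n -c"
}

# Print the commands (DRY_RUN=1, the default) or execute them (DRY_RUN=0).
run() {
    while IFS= read -r cmd; do
        if [ "${DRY_RUN:-1}" = 1 ]; then echo "$cmd"; else eval "$cmd"; fi
    done
}

case "${1:-}" in
    director)     director_rules | run ;;
    realserver)   realserver_rules_redirect | run ;;
    realserver-arp) realserver_rules_arptables "${2:?own IP required}" | run ;;
    checks)       director_checks | run ;;
    *)            ;;   # no argument: functions only (e.g. when sourced)
esac
```

Run `sh lvs-dr.sh director` on each LVS router and `sh lvs-dr.sh realserver` (or `realserver-arp <own-ip>`) on each real server to review the commands, then rerun with `DRY_RUN=0` to apply them. If `iptables -t mangle -L PREROUTING -v -n` shows the MARK rule's packet counter staying at zero while an internet client connects, the packets are being dropped before they reach the director, which points at an upstream firewall rather than at LVS.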