Connection lost after running rc.lvs_dr script

Malcolm Turnbull malcolm at
Fri Apr 15 08:53:50 BST 2005

Jeff Kilbride wrote:

>Hi Joe,
>Actually, no, I'm not very glad my director, and now it seems my
>realservers, can't connect to the outside world after running the setup
>script. While I understand the need for security, I have the ability to
>secure my machines without completely severing them from the internet.

Um, as I understand it the setup script is mainly for testing, as you
will logically need a health checking daemon in combination with LVS to
make it more useful than round robin DNS (i.e. use
ldirectord, keepalived or mon).

If you want your real servers to be accessible as normal without
infrastructure changes, either use DR or TUN mode that don't change your
topology, OR read the instructions about MASQ/NAT mode. By default LVS
only forwards packets on the VIP; if you want access to the internet or
access to the RIPs from the internet you will obviously need to put some
firewall rules in your new LVS/NAT/Firewall, which is what you've
effectively created.

As far as I'm aware this is what other commercial vendors 
F5/Foundry/CISCO etc also do with their products, and also why most 
people find them a bugger to test before setting up live (i.e. you must 
have a test environment).


