Interesting Setup?

Jacco van Koll jko at
Sat Aug 6 11:36:00 BST 2005

Hello all,

Whilst playing with a Linux Virtual Server setup, I ran into some 
problems. I use the following setup:

I have 3 boxes, which are all connected to the public network, but also 
to a private segment.

Like this:
net (
                                      |                  |              |
                                      |       loadbalancer    |
                                      |                 /\              |
                                      |                /  \             |
                                      |               /    \            |
                                      |              /      \           |
                                  server 1- - -        - - - server 2

The connections between the loadbalancer and the real servers are done by 
a vlan part on a switch, with addresses.

I would like to have the following setup:

1. All web traffic (http/https) must be handled by the loadbalancer
2. All ssh traffic must be performed directly to the real servers
3. Optional, I must have the possibility for handling certain protocols 
by the real servers, like DNS, or, if there is the need, by the 
loadbalancer. (like pop3 for example)

Whenever I add the default route on the real servers to the gateway, 
nothing happens when connecting to the 
loadbalancer port 80. When I change the default route to the private ip 
on the loadbalancer, it works, but the real servers cannot be connected 
through ssh.

I have been fighting this issue for about a month now, and tried all info I 
already found with search engines, howto's and mailing lists, and I am 
still puzzled. Can anyone help me out here?

The following script is now running on the loadbalancer:

# From the LVS site:
# To make the load balancer forward the masquerading packets
# echo 1 > /proc/sys/net/ipv4/ip_forward
# ipchains -A forward -j MASQ -s -d
# Add virtual service and link a scheduler to it
#    ipvsadm -A -t -s wlc  (Weighted Least-Connection scheduling)
#    ipvsadm -A -t -s wrr  (Weighted Round Robin scheduling)
# Add real server and select forwarding method
#    ipvsadm -a -t -r -m
#    ipvsadm -a -t -r -m -w 2
#    ipvsadm -a -t -r -m

export PATH

# Print a message and, if logger is available, send it to syslog too
log() {
  echo "$1"
  test -x "$LOGGER" && $LOGGER -p info "$1"
}

LSMOD=`which lsmod`
MODPROBE=`which modprobe`
IPTABLES=`which iptables`
IP=`which ip`
LOGGER=`which logger`
IPVSADM=`which ipvsadm`

echo -n "Initialized programs: "
echo -n "$LSMOD "
echo -n "$MODPROBE "
echo -n "$IPTABLES "
echo -n "$IP "
echo -n "$LOGGER "
echo -n "$IPVSADM "

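# Bail out if the iproute2 "ip" tool is missing or not working
if ! $IP link ls >/dev/null 2>&1; then
  echo "iproute not found"
  exit 1
fi

# Make sure every interface the script uses exists
INTERFACES="eth0 eth1 lo "
for i in $INTERFACES ; do
  $IP link show "$i" > /dev/null 2>&1 || {
    log "Interface $i does not exist"
    exit 1
  }
done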

# First make the stuff go forward
        echo -n "Enable ip forwarding: "
        echo 1 > /proc/sys/net/ipv4/ip_forward
        echo "Done"

# Now make the NAT work (MASQUERADE)
        echo -n "Enable Masquerade: "
        $IPTABLES -t nat -A POSTROUTING -o eth0 -s -j 
        echo "Done"
# Now make portforwarding work (DNAT)
        echo -n "Enable portforwards (DNAT PORT 81 and 82): "
        echo -n "server 1 "
        $IPTABLES -t nat -A PREROUTING  -p tcp -d --dport 81 -j DNAT --to-destination
        echo -n "server 2 "
        $IPTABLES -t nat -A PREROUTING  -p tcp -d --dport 82 -j DNAT --to-destination
        echo "Done...."
        echo -n "Enable portforwards (DNAT PORT 6001 and 6002): "
        echo -n "server 1 "
        $IPTABLES -t nat -A PREROUTING  -p tcp -d --dport 6001 -j DNAT --to-destination
        echo -n "server 2 "
        $IPTABLES -t nat -A PREROUTING  -p tcp -d --dport 6002 -j DNAT --to-destination
        echo "Done...."

# Now make the public side know which ports
        echo -n "Enable LB Known ports: "
        $IPVSADM -A -t -s wrr
        $IPVSADM -A -t -s wrr
        echo "Added ports 80 and 443"

# Now make the rules to servers
        echo -n "Loadbalancing to servers port 80: "
        $IPVSADM -a -t -r -m
        $IPVSADM -a -t -r -m -w 2
        echo "Added servers 1 and 2"
        echo -n "Loadbalancing to servers port 443: "
        $IPVSADM -a -t -r -m
        $IPVSADM -a -t -r -m -w 2
        echo "Added servers 1 and 2 both http and https"


J. van Koll
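
Added example, not part of the original post: with LVS-NAT (`-m`) the real server's replies have to return through the director to be rewritten, so a public default route on the real server breaks port 80 while a default route via the director breaks direct ssh. The sketch below builds source-based routing rules for a real server so that only traffic sourced from its private address returns via the director; all addresses, the interface name, the table number and the function names are assumptions, since the post's own addresses are not shown.

```shell
#!/bin/sh
# Added example: source-based return path for an LVS-NAT real server.
# Every value below is a constructed placeholder, not taken from the post.
RIP="${RIP:-10.0.0.11}"      # real server's private address (assumed)
DIP="${DIP:-10.0.0.1}"       # director's private address (assumed)
PRIV_IF="${PRIV_IF:-eth1}"   # private interface on the real server (assumed)
TABLE="${TABLE:-100}"        # otherwise unused routing table number (assumed)

# Strict dotted-quad check so a typo never ends up in a routing rule.
is_ipv4() {
  case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Emit the iproute2 commands: replies sourced from the private address
# (load-balanced connections) use a table whose default route is the
# director; everything else, including ssh to the public address,
# keeps using the main table and the public gateway.
lvs_return_path_cmds() {
  is_ipv4 "$1" && is_ipv4 "$2" || { echo "bad address" >&2; return 1; }
  cat <<EOF
ip route replace default via $2 dev $3 table $4
ip rule add from $1/32 lookup $4 priority 1000
EOF
}

# Dry run by default: print the commands. APPLY=1 (as root) executes them.
apply_or_print() {
  lvs_return_path_cmds "$RIP" "$DIP" "$PRIV_IF" "$TABLE" |
  while IFS= read -r cmd; do
    if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
  done
}

apply_or_print
# Check after applying (198.51.100.7 stands in for a client address):
#   ip route get 198.51.100.7 from "$RIP"
```

Run it on each real server with its own `RIP`; the main table's default route stays pointed at the public gateway.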
