Problem loadbalancing email servers
Graeme Fowler
graeme at graemef.net
Fri Dec 1 16:54:47 GMT 2006
On 01/12/2006 16:47, Owens, Ron wrote:
> There's no firewall between the director and the cluster nodes. They
> work with http and squid with no modification.
Right, but is there a firewall ruleset on the director, or in front of
it somewhere? An ICMP Host Unreachable error is being generated
somewhere, and as it's one of the most common targets for iptables (-j
REJECT) it makes me think the obvious.
> The RIP of the director is 140.203.7.81
> The IP of the mail server is 140.203.7.16
I can't reach either of them, via ICMP, IP or TCP.
> I tried adding:
>
> iptables -A INPUT -i eth0 -p tcp ! --syn -s 140.203.7.81 --sport 25 -d
> 140.203.7.16 --dport 1024:65535 -j ACCEPT
>
> but this didn't help ....
Umm... I don't think it will. If I read that correctly you're ACCEPTING
packets coming in on eth0 which are TCP and aren't SYNs, from
140.203.7.81 where the source port is 25 and the dest ports are
unprivileged. I'd expect to only see that end of a connection on a
remote client...
Anyway, please provide:
1. Output from "ipvsadm -L -n" on the director
2. Output from "iptables -L -n" on the director
3. Output from "iptables -L -n" on the realserver(s)
Graeme