Problem with fallback 127.0.0.1:80

Arnd m_list at eshine.de
Thu May 11 13:08:46 BST 2006 

Hi,

Dominik Klein schrieb:
>> 'ipvsadm -L -n' shows the following enrty:
>>
>> TCP  <public_ip>:80 wlc
>>  -> 127.0.0.1:80                 Local   1      0          0     
>> Doesn't this entry must show "masq" on the line with "127.0.0.1" 
>> instead of "Local"? 
> 
> No. Local is fine.
> 
>> If the servers are up they are in the list with "-> 192.168.1.151 masq 
>> 100 0 0". Do I need to set any iptable-rules (masquerading) for beeing 
>> able to connect to the fallback-server from the internet? 
> 
> Normally not. Do you have any other iptables rules on your director that 
> may be blocking this?

The iptables rules allow access to any internal server, port 80 and 443.

Rules for the lo-device are all open:

$IPT -t filter -A INPUT -p all -i lo -j ACCEPT
$IPT -t filter -A OUTPUT -p all -o lo -j ACCEPT

$IPT -t nat -A POSTROUTING -o $WAN_IFACE -j MASQUERADE

I was not setting up the firewall rules so maybe I overlooked one rule. 
But a dropping firewal should throw away any syn-packets (drop) and 
while I'm receiving an "reset" it must be anything else.

The tcp-packet arrives on the external interface but it is not 
redirected to the lo-interface. Is this not a director task?

Arnd

Search lvs-users Archives
Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
More information about the lvs-users mailing list