[lvs-users] keepalived: SSH getting "No route to host"

Gerry Reno greno at verizon.net
Fri Sep 21 04:27:51 BST 2007


Gerry Reno wrote:
> Gerry Reno wrote:
>> Con Tassios wrote:
>>> Would you need something like this on the real servers?
>>>
>>> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 33322 -j REDIRECT --to-port 22
>>
>> In conjunction with Graeme's suggestion about sshd_config, your rule
>> works, when used on the directors.
>>
>> Gerry
>
> I guess I should add that the SSH rule in keepalived.conf was modified
> from 33322 back to just 22.
>
> Gerry

Hmm... I may have spoken too soon. It looks like the access is only 
going to the director DIP and not to RS.

In iptables on directors:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 33322 -j REDIRECT --to-port 22


In /etc/ssh/sshd_config:
ListenAddress 192.168.1.150 # the DIP

In keepalived.conf:
virtual_server 192.168.1.240 22 { <--- changed from 33322
...
real_server 192.168.1.25 22 {
...

from remote machine:
ssh -p 33322 user@VIP
but the access is to the DIP instead of RS

So here is how I thought this would work:
  The ssh request comes into eth0 on VIP:33322 and the firewall redirects this to VIP:22 (or does it?) and then shouldn't IPVS direct this to RS:22?  and then the response from RS go back to VIP:33322?  It's not doing that.  It's going to DIP:22.

????

Gerry
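
The packet path asked about above, as an added example that is not part of the original post: a small Python model of what the nat REDIRECT rule does to the destination address before IPVS looks up its virtual service. The VIP, DIP and RS addresses and the REDIRECT rule come from the post; the client address, the assumption that the DIP is the primary address of eth0, and the port-33322 virtual service in the last scenario (which assumes LVS-NAT forwarding) are not from the post.

```python
from dataclasses import dataclass, replace

# VIP, DIP and RS are from the post. CLIENT is constructed, and "the DIP is
# the primary address of eth0" is an assumption.
VIP, DIP, RS, CLIENT = "192.168.1.240", "192.168.1.150", "192.168.1.25", "203.0.113.7"
PRIMARY_ADDR = {"eth0": DIP}
REDIRECT_RULE = {"iif": "eth0", "dport": 33322, "to_port": 22}  # rule from the post

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    iif: str = "eth0"

def nat_prerouting(pkt, rules):
    """Apply the first matching REDIRECT rule (nat table, PREROUTING chain)."""
    for rule in rules:
        if pkt.iif == rule["iif"] and pkt.dport == rule["dport"]:
            # REDIRECT points the packet at the box itself: the destination
            # becomes the primary address of the incoming interface, not the VIP.
            return replace(pkt, dst=PRIMARY_ADDR[pkt.iif], dport=rule["to_port"])
    return pkt

def deliver(pkt, rules, virtual_servers):
    """PREROUTING first, then the IPVS lookup on (destination address, port)."""
    pkt = nat_prerouting(pkt, rules)
    real = virtual_servers.get((pkt.dst, pkt.dport))
    if real:
        return ("forwarded to real server", real)
    return ("local socket", (pkt.dst, pkt.dport))

def as_posted():
    # ssh -p 33322 user@VIP with the REDIRECT rule and virtual_server VIP 22
    return deliver(Packet(CLIENT, VIP, 33322), [REDIRECT_RULE], {(VIP, 22): (RS, 22)})

def direct_port_22():
    # ssh to VIP:22: no nat rule matches, so IPVS still sees the VIP
    return deliver(Packet(CLIENT, VIP, 22), [REDIRECT_RULE], {(VIP, 22): (RS, 22)})

def virtual_service_on_33322():
    # Hypothetical alternative: no REDIRECT, IPVS itself maps VIP:33322 to RS:22
    # (a real-server port that differs from the virtual port assumes LVS-NAT).
    return deliver(Packet(CLIENT, VIP, 33322), [], {(VIP, 33322): (RS, 22)})

if __name__ == "__main__":
    for scenario in (as_posted, direct_port_22, virtual_service_on_33322):
        print(scenario.__name__, "->", scenario())
```

In the first scenario the rewritten destination is DIP:22, which no virtual service covers, so the connection ends at the director's own sshd listening on the DIP.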





