[lvs-users] LVS-NAT setup

Vincent Li vincent.mc.li at gmail.com
Tue Aug 6 05:36:53 BST 2013


I think you are probably confused between the iptables match
extension ipvs and the ipvs core in the kernel that does the load balancing (LVS). You
don't need an iptables rule to make LVS work; the iptables '-m
ipvs' match is used when you need to do source address translation (SNAT),
i.e. when you don't want to point your real server gateway IP to
the LVS director in LVS-NAT mode, and you are also using it wrongly.
For example, in my usage I have:

echo 1 > /proc/sys/net/ipv4/vs/conntrack
iptables -t nat -A POSTROUTING -m ipvs --vaddr 10.1.72.169/32 --vport 80 -j SNAT --to-source 10.2.72.139
iptables -t nat -A POSTROUTING -m ipvs --vaddr 10.1.72.169/32 --vport 22 -j SNAT --to-source 10.2.72.139

On Sat, Aug 3, 2013 at 4:41 AM, Prasun Bhattacharjee
<prasunb25 at gmail.com> wrote:
> Dear all,
> I am trying to setup LVS-NAT load-balancer. I am using three ubuntu
> instances. Here are the instance details...
> Load-balancer
> Private IP: 192.168.20.44
> Public IP: 10.10.10.167
> Real Server
> Private IP: 192.168.16.10
> Public IP: 10.10.10.221
> Real Server
> Private IP: 192.168.16.11
> Public IP: 10.10.10.225
> Now, I have configured ipvsadm in following manner...
> root at ubuntutcs:~#
> root at ubuntutcs:~# ipvsadm -A -u 192.168.20.44:4679 -s rr
> root at ubuntutcs:~# ipvsadm -a -u 192.168.20.44:4679 -r 192.168.16.10:4679 -m
> root at ubuntutcs:~# ipvsadm -a -u 192.168.20.44:4679 -r 192.168.16.11:4679 -m
> Set "net.ipv4.ip_forward" to 1 in /etc/sysctl.conf file. Then I have
> configured iptables for NAT.
> root at ubuntutcs:~# iptables -t nat -A PREROUTING -p udp --dport 4679 -m ipvs --vproto udp --vaddr 192.168.20.82 --vport 5683 --vmethod MASQ --vportctl 5683
> root at ubuntutcs:~# iptables -t nat -A POSTROUTING -j MASQUERADE
> With this configuration, I am not able to connect real servers. I have used
> "tcpdump" to track packets. Here are snippet of tcpdump output on
> load-balancer..
> root at ubuntutcs:~# !tcp
> tcpdump -n -i any port 5683
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535
> bytes
> 14:40:09.113514 IP 10.10.10.226.45048 > 192.168.20.82.5683: UDP, length 39
> 14:40:09.113685 IP 10.10.10.226.45048 > 192.168.16.10.5683: UDP, length 39
> 14:40:23.556608 IP 10.10.10.226.47732 > 192.168.20.82.5683: UDP, length 39
> 14:40:23.556790 IP 10.10.10.226.47732 > 192.168.16.11.5683: UDP, length 39
> It seems that packets are forwarded to the real servers, but they are not
> received by real servers. I have executed "tcpdump" on real servers too,
> but did not get any packets.
> Please advise, do I need to configure the real server?
> Thanks,
> Prasun
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> Send requests to lvs-users-request at LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
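The director setup Vincent describes (ipvsadm service plus real servers, then an optional '-m ipvs' SNAT rule for the case where the real servers do not route back through the director), as an added example that is not code from either poster. The VIP, real server and SNAT addresses are constructed placeholders, and the check_vs_match helper is an assumed name: it encodes the point that a '-m ipvs' rule only fires for packets IPVS has already matched to a virtual service, so its --vaddr/--vport must name a service that was actually defined with 'ipvsadm -A' (in the quoted post the service is on :4679 but the match is on :5683, so the rule can never match).

```shell
#!/bin/sh
# Added example, not from the list post: LVS-NAT director setup with a
# dry-run mode and a consistency check between the IPVS service and the
# '-m ipvs' SNAT rule. All addresses below are constructed placeholders.
VIP=10.1.72.169          # virtual service address (assumed)
VPORT=80
RIP1=192.168.16.10       # real servers (assumed)
RIP2=192.168.16.11
SNAT_IP=10.2.72.139      # director address on the real-server side (assumed)

# Run a command, or just print it when DRY_RUN=1 (the default), so the
# script can be read and tested without root or an LVS-capable kernel.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# The '-m ipvs' match only sees packets IPVS already assigned to a virtual
# service, so the iptables --vaddr/--vport must equal a service created with
# 'ipvsadm -A'. A /prefix on --vaddr is stripped before comparing.
# Usage: check_vs_match <ipvsadm vip:port> <iptables vaddr[/prefix]> <vport>
check_vs_match() {
    svc=$1; vaddr=${2%/*}; vport=$3
    [ "$svc" = "$vaddr:$vport" ]
}

lvs_nat_setup() {
    # IPVS rewrites and forwards client packets itself; ip_forward is
    # needed for the real servers' replies, and vs/conntrack is required
    # before netfilter NAT (the '-m ipvs' SNAT rule) can act on IPVS flows.
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w net.ipv4.vs.conntrack=1
    run ipvsadm -A -t "$VIP:$VPORT" -s rr
    run ipvsadm -a -t "$VIP:$VPORT" -r "$RIP1:$VPORT" -m
    run ipvsadm -a -t "$VIP:$VPORT" -r "$RIP2:$VPORT" -m
    # Refuse to install a SNAT rule that names a service we did not define.
    check_vs_match "$VIP:$VPORT" "$VIP/32" "$VPORT" || return 1
    # Only needed when the real servers' default gateway is NOT the director:
    # replies then come back to the director because the source was rewritten.
    run iptables -t nat -A POSTROUTING -m ipvs --vaddr "$VIP/32" \
        --vport "$VPORT" -j SNAT --to-source "$SNAT_IP"
}

lvs_nat_setup
```

Run it as-is to print the commands; run with DRY_RUN=0 as root on the director to apply them. If the real servers already use the director as their default gateway, the final SNAT rule (and the vs/conntrack sysctl) can be dropped, which is the plain LVS-NAT case Vincent says needs no iptables rule at all.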
