[lvs-users] LVS-DR and IPSec

WorkingMan signup_mail2002 at yahoo.com
Tue Nov 19 08:28:27 GMT 2013


It appears what I want is more like multi-port support. So I reset the director server to the following settings:

sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.default.rp_filter=0
sysctl -w net.ipv4.conf.all.rp_filter=0

iptables -t mangle -F
iptables -t mangle -A PREROUTING -i eth1 -p udp -s 0.0.0.0/0 -d 10.0.0.0/24 --dport 500 -j MARK --set-mark 111
iptables -t mangle -A PREROUTING -i eth1 -p udp -s 0.0.0.0/0 -d 10.0.0.0/24 --dport 4500 -j MARK --set-mark 111
iptables -t mangle -A PREROUTING -i eth1 -p tcp -s 0.0.0.0/0 -d 10.0.0.0/24 --dport 1723 -j MARK --set-mark 111
iptables-save

ipvsadm -C
ipvsadm -A -f 111 -p 3600 -s wlc
ipvsadm -a -f 111 -r $RS1:0 -g -w 1

Where 10.0.0.0/24 is the subnet for realservers.

ldirectord.cf
checktimeout=10
checkinterval=2
autoreload=no
logfile="local0"
quiescent=no
virtual=111
        real=RIP:0 gate
        service=none
        scheduler=rr
        persistent=600
        protocol=fwm
        request="director.html"
        receive="I'am alive!"
        checktype=negotiate

It appears that I am getting the same error, where traffic is dropped and I get ICMP port 500 unreachable on the VPN server. I tried this in sysctl.conf:

net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.accept_local=1

and

net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1

None of the above works. What am I missing for this to work (i.e. to avoid the martian issue I see in syslog, which is why the packets are dropped)?

Thanks,
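As an added example (not part of the original post, and not LVS's or ldirectord's own code): a sketch of the firewall-mark LVS-DR setup for the IPsec part of the question, with the matching realserver side next to it, plus a small parser for the kernel's "martian source" lines so you can tell whether the dropped packets are the ones addressed to the VIP. The VIP 10.0.0.100, realserver 10.0.0.11, mark 111 and the interface names are assumptions; PPTP (TCP 1723 and its GRE tunnel) is left out. The script prints the commands rather than applying them.

```shell
#!/bin/sh
# Added example, not from the original post and not LVS/ldirectord code.
# Assumptions: VIP 10.0.0.100 (the address clients talk to; it must also
# be configured on lo on every realserver), realserver 10.0.0.11, mark 111,
# eth1 facing the clients on the director, eth0 on the realserver.
VIP=${VIP:-10.0.0.100}
RS1=${RS1:-10.0.0.11}
MARK=${MARK:-111}
DIR_IF=${DIR_IF:-eth1}
RS_IF=${RS_IF:-eth0}

# Director side. Rules match on the VIP, not on the realserver subnet,
# because with LVS-DR the forwarded packets still carry the VIP as their
# destination. ESP (IP protocol 50) has no ports, so it is marked by
# protocol; IPVS then maps ESP from a client onto that client's existing
# ISAKMP (UDP 500) connection, which needs IP_VS_PROTO_ESP in the kernel.
# Persistence keeps IKE re-keys from one client on the same realserver.
director_rules() {
    cat <<EOF
iptables -t mangle -A PREROUTING -i $DIR_IF -p udp -d $VIP --dport 500 -j MARK --set-mark $MARK
iptables -t mangle -A PREROUTING -i $DIR_IF -p udp -d $VIP --dport 4500 -j MARK --set-mark $MARK
iptables -t mangle -A PREROUTING -i $DIR_IF -p esp -d $VIP -j MARK --set-mark $MARK
ipvsadm -A -f $MARK -s wlc -p 3600
ipvsadm -a -f $MARK -r $RS1:0 -g -w 1
EOF
}

# Realserver side. The VIP goes on lo so the realserver accepts the
# forwarded packets, ARP for it is suppressed so the director keeps owning
# it on the wire, and rp_filter is off on the interface that receives them.
realserver_rules() {
    cat <<EOF
ip addr add $VIP/32 dev lo
sysctl -w net.ipv4.conf.all.arp_ignore=1
sysctl -w net.ipv4.conf.all.arp_announce=2
sysctl -w net.ipv4.conf.$RS_IF.rp_filter=0
EOF
}

# Parse a kernel "martian source D from S, on dev X" line into "D S X".
# The first address is the packet's destination, the second its source.
# Returns 1 for any other line.
parse_martian() {
    case $1 in
        *"martian source "*" from "*", on dev "*) ;;
        *) return 1 ;;
    esac
    rest=${1#*martian source }
    dst=${rest%% from *}
    rest=${rest#* from }
    src=${rest%%, on dev *}
    dev=${rest#*, on dev }
    printf '%s %s %s\n' "$dst" "$src" "$dev"
}

# Count martian lines in a log blob whose destination is the VIP, i.e. the
# director-forwarded packets that the realserver refused.
count_vip_martians() {
    log=$1
    n=0
    while IFS= read -r line; do
        if fields=$(parse_martian "$line"); then
            set -- $fields
            if [ "$1" = "$VIP" ]; then n=$((n + 1)); fi
        fi
    done <<EOF
$log
EOF
    echo "$n"
}

# Constructed sample syslog lines (not taken from the original post).
SAMPLE_LOG='Nov 19 08:28:27 rs1 kernel: IPv4: martian source 10.0.0.100 from 203.0.113.7, on dev eth0
Nov 19 08:28:28 rs1 kernel: IPv4: martian source 10.0.0.11 from 10.0.0.1, on dev eth0
Nov 19 08:28:29 rs1 kernel: eth0: link is up'

case ${1:-} in
    director)   director_rules ;;
    realserver) realserver_rules ;;
    martians)   count_vip_martians "$SAMPLE_LOG" ;;
esac
```

Run it as `sh lvs-ipsec.sh director` or `sh lvs-ipsec.sh realserver` to print the command lists, and `sh lvs-ipsec.sh martians` to run the parser over the embedded sample; on a real box, feed `journalctl -k` or syslog output to `count_vip_martians` instead. A non-zero count means the realserver is rejecting packets that were addressed to the VIP, which points at the VIP/rp_filter configuration on the realserver rather than at the director's marking rules.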