[lvs-users] Unable to get LVS-Tun working

Nilesh Govindrajan me at nileshgr.com
Thu Jun 26 19:13:01 BST 2014


On Thu, Jun 26, 2014 at 4:26 PM, Nilesh Govindrajan <me at nileshgr.com> wrote:
> Hello,
>
> I am trying to set up LVS Tun on Hetzner.de servers I have. They're
> located on completely different subnets.
>
> Virtual IP is a failover IP offered by them, and from my discussion
> with support, it seems they do support any server answering with the
> failover IP irrespective of what the failover IP is routed to
> currently (some ISPs block as it's packet spoofing).
>
> I have added VIP to my load balancer and then I add ssh service as follows -
>
> ipvsadm -A -t VIP:22 -s rr
> ipvsadm -a -t VIP:22 -r s1 -i
>
> I have enabled ip forwarding and the iptables FORWARD chain accepts
> any packet that is from or to one of my servers.
>
> On the real server, I have this -
>
> modprobe ipip
> ifconfig tunl0 VIP netmask 255.255.255.255 broadcast VIP up
> route add -host VIP dev tunl0
>
> Now, when I try to connect to VIP:22 from outside, I can see the
> packets coming to the real server in tcpdump with SYN flag. But no
> packet ever seems to leave my real server.
>
> What am I doing wrong?

Problem sorted when I had the real ssh daemon listen on VIP instead of
using netcat. Though the latter should have worked too. Maybe I made
some mistake in using netcat.
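
The fix reported in this message, as a check for the real server (an added example, not part of the original post): it reads `ss -ltn` output and reports whether any TCP listener is bound to the VIP or to an IPv4 wildcard. The addresses 192.0.2.10 (VIP) and 198.51.100.7 (real server) and both sample outputs are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): check whether a TCP listener on the
# real server will accept connections addressed to the VIP.

# listener_covers VIP PORT  -- reads `ss -ltn` output on stdin.
# Prints the matching local address and returns 0 when a listener is bound to
# VIP:PORT or to an IPv4 wildcard; returns 1 when none is.
listener_covers() {
    awk -v vip="$1" -v port="$2" '
        $1 == "LISTEN" {
            local_addr = $4                       # "Local Address:Port" column
            i = length(local_addr)
            while (i > 0 && substr(local_addr, i, 1) != ":") i--
            addr = substr(local_addr, 1, i - 1)   # text before the last colon
            lport = substr(local_addr, i + 1)
            sub(/%.*$/, "", addr)                 # drop a "%iface" suffix
            if (lport != port) next
            # "[::]" is not counted: an IPv6 wildcard alone does not show
            # that IPv4 traffic to the VIP is accepted.
            if (addr == vip || addr == "0.0.0.0" || addr == "*") {
                print local_addr; found = 1; exit
            }
        }
        END { exit (found ? 0 : 1) }'
}

# Constructed `ss -ltn` output: listeners exist, but none is on VIP:22.
sample_own_ip_only() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    198.51.100.7:22    0.0.0.0:*
LISTEN 0      128    192.0.2.10:8080    0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
EOF
}

# Constructed output after the daemon was told to listen on the VIP.
sample_on_vip() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    198.51.100.7:22    0.0.0.0:*
LISTEN 0      128    192.0.2.10:22      0.0.0.0:*
EOF
}

# Live use on the real server: sh thisfile --live VIP PORT
if [ "${1:-}" = "--live" ]; then
    ss -ltn | listener_covers "$2" "$3" || echo "no listener accepts $2:$3" >&2
fi
```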


