How to open a port on a VIP (LVS)

justemail · 06-10-2009, 04:06 AM

I have setup a LVS server (CentOS 5.3).

It seems that all PORTS on VIP address are CLOSED. It also seems that when I OPEN a port on the Primary Virtual Server, they are opened on the physical IP address port of the server. Listed below are the IPTABLES & LVS.CF files.

While reading the iptables documentation & reviewing the iptables list below, Port 80 on both Physical & Virtual IP should be OPEN. But they are NOT.

Please go to: http://www.yougetsignal.com/tools/open-ports/ & check it out Port 80 on both PIP & VIP.

So if you have setup a LVS on CentOS 5.X (or RHEL), how do you open Port 80 (or other ports) on the VIP 65.103.190.107?

Jennifer K.

FYI: When I completely disable the firewall on the Primary Virtual Server, Port 80 (and all other ports) on the VIP become open.
-----------------
lvs.cf
serial_no = 17
primary = 65.103.190.106
primary_private = 192.168.1.1
service = lvs
backup_active = 1
backup = 65.103.190.108
backup_private = 192.168.1.2
heartbeat = 1
heartbeat_port = 539
keepalive = 6
deadtime = 18
network = nat
nat_router = 192.168.1.254 eth1:1
nat_nmask = 255.255.255.255
debug_level = NONE
monitor_links = 0
syncdaemon = 0
virtual HTTP {
active = 1
address = 65.103.190.107 eth0:1
vip_nmask = 255.255.255.255
port = 80
send = "GET / HTTP/1.0\r\n\r\n"
expect = "HTTP"
use_regex = 0
load_monitor = none
scheduler = wlc
protocol = tcp
timeout = 6
reentry = 15
quiesce_server = 0
server rs1 {
address = 192.168.1.10
active = 1
weight = 1000
}
}

----------------------
[root@vs1 ~]# /sbin/service iptables status
Table: filter Chain INPUT (policy ACCEPT) num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT) num target prot opt source destination 1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT) num target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references) num target prot opt source destination 1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255 3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0 4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0 5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631 8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2049 10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
12 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited [root@vs1 ~]#