06-02-2011, 11:00 AM   #1
shorif2000
Keepalived redirect public vip to private vip


I have a strange problem and I can't seem to find clear information on
how to do this.

I have 2 load balancers set up with keepalived in NAT mode, with 2 interfaces each

internal vip - 192.168.0.199
external vip - 195.x.x.21


lb1 -master
bond0 - private - 192.168.0.239
eth5 - public - 195.x.x.41


lb1 -slave
bond0 - private - 192.168.0.238
eth5 - public - 195.x.x.42



Results of watch -n 0.5 ipvsadm -ln:

Code:
Every 0.5s: ipvsadm -ln                          Tue Jun  7 14:15:25 2011

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.198:3306 wrr
  -> 192.168.0.239:4041           Local   1      0          0
TCP  192.168.0.199:80 rr
  -> 192.168.0.235:80             Masq    1      0          0
  -> 192.168.0.236:80             Masq    1      0          0
  -> 192.168.0.237:80             Masq    1      0          0
TCP  192.168.0.199:443 rr
  -> 192.168.0.235:443            Masq    1      0          0
  -> 192.168.0.236:443            Masq    1      0          0
  -> 192.168.0.237:443            Masq    1      0          0

I can't seem to NAT incoming connections from the external IP to the internal IP.
I have managed to allow outgoing from the cluster to public using

Code:
       iptables -t nat -A POSTROUTING -o eth5 -j MASQUERADE
or

Code:
       iptables -t nat -A POSTROUTING ! -d 192.168.0.1/24 -j SNAT --to 195.x.x.21


I have tried this:

Code:
iptables -t nat -A PREROUTING --dst 195.x.x.21 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.235
which works but directs traffic to 1 server in the cluster, but if I
try the internal VIP I get nothing


Code:
       
iptables -t nat -A PREROUTING --dst 195.x.x.21 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.199

When I test with wget from any LAN PC I get the following error in syslog


Code:
Jun  7 14:11:30 lb1 kernel: [ 6845.854613] ip_rt_bug: 217.35.126.204 ->  192.168.0.199, eth5

Can anyone help?


I have tried the following


Code:
iptables -t nat -A PREROUTING --dst 195.x.x.21 -p tcp --dport 80  -j LOG --log-level warn --log-prefix "INPUT port80-"
iptables -t nat -A PREROUTING -i eth5  --dst 195.x.x.21 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.199:80

iptables -t nat -A POSTROUTING ! -d 192.168.0.1/24 -j LOG --log-level warn --log-prefix "OUT port80-"
iptables -t nat -A PREROUTING --dst 195.x.x.21 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.199:80

and in my /var/log/messages I see the following when trying to access the
internal VIP either through telnetting to the public VIP or netcat or wget
or in a browser

Code:
Jun  7 16:04:20 lb1 kernel: [13615.643902] INPUT port80-IN=eth5 OUT= MAC=60:eb:69:dc:17:ab:ec:c8:82:e4:ee:01:08:00 SRC=217.35.126.204 DST=195.x.x.21 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=35908 DF PROTO=TCP SPT=38764 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0

Jun  7 16:00:44 lb1 kernel: [13399.730256] OUT port80-IN= OUT=eth5 SRC=192.168.0.237 DST=74.201.14.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=58040 DF PROTO=TCP SPT=35769 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0

These are the same messages I get when I use a physical server in the
iptables rules such as 192.168.0.237 instead of the VIP.

Last edited by shorif2000; 06-07-2011 at 10:46 AM.
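
An added example, not part of the original post: a small awk-based parser for the netfilter LOG lines quoted above, so the logged interface, source and destination can be compared with the DNAT rule. A LOG rule evaluated ahead of the DNAT rule in PREROUTING records the destination before translation, so these lines can only ever show the public VIP; the sample lines are copied from the post and the function names are made up for illustration.

```shell
#!/bin/sh
# Sample input: the two kernel LOG lines from the post (public VIP masked as in the post).
SAMPLE_LOG='Jun  7 16:04:20 lb1 kernel: [13615.643902] INPUT port80-IN=eth5 OUT= MAC=60:eb:69:dc:17:ab:ec:c8:82:e4:ee:01:08:00 SRC=217.35.126.204 DST=195.x.x.21 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=35908 DF PROTO=TCP SPT=38764 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
Jun  7 16:00:44 lb1 kernel: [13399.730256] OUT port80-IN= OUT=eth5 SRC=192.168.0.237 DST=74.201.14.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=58040 DF PROTO=TCP SPT=35769 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0'

# summarize_nf_log (hypothetical helper): read netfilter LOG lines on stdin and
# print one record per packet as  prefix|IN|OUT|SRC|DST|DPT
summarize_nf_log() {
    awk '
    {
        p = index($0, "IN=")           # first IN= starts the key=value part
        if (p == 0) next               # not a netfilter LOG line
        b = index($0, "] ")            # end of the kernel timestamp
        # The --log-prefix text sits between the timestamp and IN=; with no
        # trailing space in the prefix it is glued to IN=, as in the post.
        prefix = (b > 0 && b + 2 <= p) ? substr($0, b + 2, p - b - 2) : ""
        split("", kv)                  # clear the per-line map
        n = split(substr($0, p), tok, " ")
        for (i = 1; i <= n; i++) {
            eq = index(tok[i], "=")    # flag tokens such as DF or SYN have no "="
            if (eq > 1) kv[substr(tok[i], 1, eq - 1)] = substr(tok[i], eq + 1)
        }
        printf "%s|%s|%s|%s|%s|%s\n", prefix, kv["IN"], kv["OUT"], kv["SRC"], kv["DST"], kv["DPT"]
    }'
}

# count_dst ADDR (hypothetical helper): number of logged packets whose DST is ADDR.
count_dst() {
    summarize_nf_log | awk -F'|' -v want="$1" '$5 == want { n++ } END { print n + 0 }'
}

printf '%s\n' "$SAMPLE_LOG" | summarize_nf_log
printf 'logged with DST=public VIP:  %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | count_dst 195.x.x.21)"
printf 'logged with DST=private VIP: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | count_dst 192.168.0.199)"
```

The POSTROUTING LOG rule in the post matches only `! -d 192.168.0.1/24`, so a packet already rewritten to 192.168.0.199 would not appear under the "OUT port80-" prefix either.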
 
06-07-2011, 10:33 AM   #2
shorif2000
BUMP
 
  

