Mailing List Archive

[lvs-users] Unable to get LVS-Tun working
Hello,

I am trying to set up LVS Tun on Hetzner.de servers I have. They're
located on completely different subnets.

Virtual IP is a failover IP offered by them, and from my discussion
with support, it seems they do support any server answering with the
failover IP irrespective of what the failover IP is routed to
currently (some ISPs block as it's packet spoofing).

I have added VIP to my load balancer and then I add ssh service as follows -

ipvsadm -A -t VIP:22 -s rr
ipvsadm -A -t VIP:22 -a -r s1

I have enabled ip forwarding and the iptables FORWARD chain accepts
any packet that is from or to one of my servers.

On the real server, I have this -

modprobe ipip
ifconfig tunl0 VIP netmask 255.255.255.255 broadcast VIP up
route add -host VIP dev tunl0

Now, when I try to connect to VIP:22 from outside, I can see the
packets coming to the real server in tcpdump with SYN flag. But no
packet ever seems to leave my real server.

What am I doing wrong?

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] Unable to get LVS-Tun working
On Thu, Jun 26, 2014 at 4:26 PM, Nilesh Govindrajan <me@nileshgr.com> wrote:
> Hello,
>
> I am trying to set up LVS Tun on Hetzner.de servers I have. They're
> located on completely different subnets.
>
> Virtual IP is a failover IP offered by them, and from my discussion
> with support, it seems they do support any server answering with the
> failover IP irrespective of what the failover IP is routed to
> currently (some ISPs block as it's packet spoofing).
>
> I have added VIP to my load balancer and then I add ssh service as follows -
>
> ipvsadm -A -t VIP:22 -s rr
> ipvsadm -A -t VIP:22 -a -r s1
>
> I have enabled ip forwarding and the iptables FORWARD chain accepts
> any packet that is from or to one of my servers.
>
> On the real server, I have this -
>
> modprobe ipip
> ifconfig tunl0 VIP netmask 255.255.255.255 broadcast VIP up
> route add -host VIP dev tunl0
>
> Now, when I try to connect to VIP:22 from outside, I can see the
> packets coming to the real server in tcpdump with SYN flag. But no
> packet ever seems to leave my real server.
>
> What am I doing wrong?

Problem sorted when I had the real ssh daemon listen on VIP instead of
using netcat. Though the latter should have worked too. Maybe I made
some mistake in using netcat.
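
An added example, not part of the thread: a shell check of the two real-server conditions this exchange turns on, that the VIP is configured on tunl0 and that a TCP listener is bound to the VIP (or to the IPv4 wildcard) on the service port. The address 203.0.113.10, the sample `ss` and `ip` output and both function names are constructed for illustration.

```shell
#!/bin/sh
# Added example; VIP, port and the sample outputs below are constructed.

# listener_covers VIP PORT
# Reads `ss -ltn` output on stdin (columns: State Recv-Q Send-Q Local Peer).
# Succeeds if an IPv4 TCP listener is bound to VIP:PORT or to the wildcard.
listener_covers() {
    awk -v vip="$1" -v port="$2" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # Local column is ADDR:PORT
            if (n != 2 || parts[2] != port) next   # also skips [::]:22 entries
            if (parts[1] == vip || parts[1] == "0.0.0.0" || parts[1] == "*")
                found = 1
        }
        END { exit !found }
    '
}

# tunl_has_vip VIP
# Reads `ip -o -4 addr show dev tunl0` output on stdin.
# Succeeds if VIP is one of the addresses configured on the tunnel device.
tunl_has_vip() {
    awk -v vip="$1" '
        $3 == "inet" { split($4, a, "/"); if (a[1] == vip) found = 1 }
        END { exit !found }
    '
}

VIP=203.0.113.10    # constructed documentation address
SS_BOUND_ELSEWHERE='LISTEN 0 128 198.51.100.7:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'
SS_BOUND_VIP='LISTEN 0 128 203.0.113.10:22 0.0.0.0:*'
SS_WILDCARD='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
IP_TUNL0='4: tunl0    inet 203.0.113.10/32 brd 203.0.113.10 scope global tunl0'

# Demo on the constructed samples. On a real server, pipe in the live output:
#   ss -ltn | listener_covers "$VIP" 22
#   ip -o -4 addr show dev tunl0 | tunl_has_vip "$VIP"
for sample in "$SS_BOUND_ELSEWHERE" "$SS_BOUND_VIP" "$SS_WILDCARD"; do
    if printf '%s\n' "$sample" | listener_covers "$VIP" 22; then
        echo "listener covers $VIP:22"
    else
        echo "no listener bound to $VIP:22 or the IPv4 wildcard"
    fi
done
```

IPv6 wildcard listeners (`[::]:22`) are deliberately not counted, because whether they also accept IPv4 depends on the socket's v6-only setting.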
