Mailing List Archive

On Thu, Jan 18, 2001 at 03:26:51PM +0100, Mailing Manager wrote:
> Hi all,
> i'm very unhappy when i made a question, in bad english, and nobody
> can help me...to solve a re-made the question! :)

Hi

I don't believe that the problem is that no one can help you. Nor that no
one is willing to help you. Put quite simply the description you give
doesn't have enough information to solve your problem.

> I have a kenrl 2.4.0.ac9 with th elittle change form ipv-0.2.1 and the
> compliation was ok.
> I can load the module and i have already a littel test script to make a test
> starting from port 9000 of my external ip directing the request to an
> internal web server at port 80.The masquerading rule is ok.
> The problem is that the lvs DOESN'T WORK, i know that is a problem of
> configuration, but i need only someone that ahve a right iptables rule to
> activate the LVS features!!!

I have not tested the exact kernel+ipvs combination that you have there but
I have tested 2.4.0-test11 + ipvs-0.1.2 with LVS NAT and it does work. I
find it highly unlikley, though not improbable that the combination you
have is broken. I think it is much more likely that there is a
configuration problem.

With this in mind could you please elaborate on the specifics of the
configuration you are trying to create and the commands you used to achive
this. A description of what exactly isn't working will also help us to help
you. The output of the following commands may also be useful in tracking
down your problem.

ipvsadm -L -n

lsmod


Lastly. Please refrain from attacking members of this list who try and help
you. Much of the help given on this list is on a voulantary, non-paid basis
so please respect peoples "free" time accordingly.


--
Horms

Hi,
i know that on this list there are busy people, and i would thanks
everybody that is helping me.
But your test are different than mine, i used 2.4 , ok, but also netfilter
adn ipvs 0.2.1.I knwo, exactly, thai it is not working, and soemthign
strange happens.
IF i run ipvs withouut iptables, only ipvs module, it works, but of course
the real server cannot go outside with MASQ.
This is soemting not necessary, right, but useful, other than iptabels rules
for a simply proteciton of the machine itself are necessary.

Thanks

Hello,

On Mon, 22 Jan 2001, Horms wrote:

> I have not tested the exact kernel+ipvs combination that you have there but
> I have tested 2.4.0-test11 + ipvs-0.1.2 with LVS NAT and it does work. I
> find it highly unlikley, though not improbable that the combination you
> have is broken. I think it is much more likely that there is a
> configuration problem.

Horms, we have compatibility problems when iptable NAT or ipfw
NAT modules are used together with the ip_vs module. In the weekend I
solved this problem and now it looks like LVS can work with the netfilter's
connection tracking and NAT. There is one problem to be solved: how
to insert one function call in ip_fw_compat.c, i.e. between the ipfw
firewall (in FORWARD:0) and do_masquerade() which is in the same hook.
For the ip_conntrack+iptable_nat it is easy because they use different
priority in the chain but for the ipfw compat mode we need to patch
a separate module. We need to place ip_vs_out() call there. See the
attached patch. I made some first tests and it seems the LVS is working
with iptable_nat together. But this is a preview version. It needs
testing. But I post it here because I'm not a big netfilter user and
don't have many complex netfilter setups. If someone wants to test it
and to report the results before it is approved from Wensong I'll be
very happy. So, don't use ipchains.o with NAT rules for now. There are
two choices: only ip_vs.o or ip_vs.o with ip_conntrack/iptable_nat.
Of course, LVS is faster when no netfilter connection tracking is used.

The attached is a patch against the devel version 0.2.1 for
Linux 2.4. It is for the users that can't wait :)


> --
> Horms


Regards

--
Julian Anastasov <ja@ssi.bg>