LVS-TUN setup

最新推荐文章于 2024-06-11 16:51:18 发布

lucienchao

最新推荐文章于 2024-06-11 16:51:18 发布

阅读量825

点赞数

CC 4.0 BY-SA版权

分类专栏：杂文章标签： documentation filter server security up

本文链接：https://blog.youkuaiyun.com/lucienchao/article/details/7265588

杂专栏收录该内容

2 篇文章

订阅专栏

本文详细介绍了如何配置LVS负载均衡器，包括设置防火墙、路由、内核参数等步骤，确保客户端能够成功连接到真实服务器。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

load balancer

VIP=192.168.1.100

real server

RIP=192.168.1.10

client

CIP=192.168.1.11

steps on load balancer:

1.deactivate the firewall on the load balancer.

ifconfig eth0:100 $VIP broadcast $VIP netmask 255.255.255.255 up

route add –host $VIP dev eth0:100

echo "0" >/proc/sys/net/ipv4/ip_forward
echo "1" >/proc/sys/net/ipv4/conf/all/send_redirects
echo "1" >/proc/sys/net/ipv4/conf/default/send_redirects
echo "1" >/proc/sys/net/ipv4/conf/eth0/send_redirects

ipvsadm -A –t $VIP:22
ipvsadm -a -t $VIP:22 -r $RIP:22 -i

steps on real server:
1.deactivate the firewall on the real server.

ifconfig tunl0 $VIP broadcast $VIP netmask 255.255.255.255 up

route add –host $VIP dev tunl0

echo "0" >/proc/sys/net/ipv4/ip_forward

echo 1 > /proc/sys/net/ipv4/conf/tunl0/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/tunl0/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

echo 0 > /proc/sys/net/ipv4/conf/tunl0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter

steps on client

1.ssh $VIP
2.connect to the real server successfully

attention:
1.why set ip_forward as 0?
There's no forwarding in the conventional sense for LVS-Tun. (You can have ip_forward set to ON if you need it for something else, but LVS-Tun doesn't need in ON. If you don't have a good reason to have it ON, then for security turn it OFF). For more explanation see section 29.11 on http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.filter_rules.html

#set ip_forward OFF for lvs-tun director (1 on, 0 off)
echo "0" >/proc/sys/net/ipv4/ip_forward

2.why set send_redirects as 1?
Because in the LVS/DR, direcotr is not a gw for realserver, we use icmp to redirects on. 1 for on ,0 for off. So we set "send_redirects" as "1".
3.arp problem
The reason why set arp_ignore and arp_announce is for the arp problem. Details about it, please take a look at section 6 on http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.arp_problem.html.
4.why set rp_filter as 0?

LVS-DR and LVS-Tun need rp_filter=0. More details can be found section 7.9 on http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-DR.html.

All above from http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/.

lvs Documentation:http://www.linuxvirtualserver.org/Documents.html