Igor Zhbanov
2007-Jan-29 23:10 UTC
[CentOS] How to access the internet from load-balanced nodes?
Hello!

I have set up a four-node system: two LVS load balancers (CentOS) and two working nodes (openSUSE). The LVS nodes have global IPs, so they are able to access the internet, and the working nodes have only private IPs, so they cannot access the internet directly. I use NAT-based load balancing.

Now I need to know how to give the working nodes the ability to access the internet. I ask this because I don't know how to properly write iptables rules so that LVS balancing packets will not conflict with the working nodes' internet connections. Should I assign some IP alias for the default gateway for those nodes, or something else?

Thanks.
Jed Reynolds
2007-Jan-30 08:01 UTC
[CentOS] How to access the internet from load-balanced nodes?
Igor Zhbanov wrote:
> Hello!
> I have set-up four nodes system: two LVS load balancers (CentOS) and
> two working nodes (openSUSE).
> LVS nodes have global IPs, so they able to access the internet and
> working nodes have only private IPs, so they cannot access internet
> directly. I use NAT-base load balancing.
>
> Now I need to know how give working nodes ability to access the
> internet? I ask this because I don't know how to write properly
> iptables rules so LVS balancing packets will not conflict with working
> nodes internet connections. Should I assign some IP-alias for default
> gateway for that nodes or something else?

You should read thru the LVS HowTo, more about LVS-NAT. There is no reason why your LVS load balancers can't also act as general NAT gateways, that's really what they're already doing. Just make sure your LVS-NAT gateways are masquerading internally initiated outbound traffic. I don't think you'll have a problem.

Jed
Tom Brown
2007-Jan-30 10:40 UTC
[CentOS] How to access the internet from load-balanced nodes?
> Now I need to know how give working nodes ability to access the
> internet? I ask this because I don't know how to write properly iptables
> rules so LVS balancing packets will not conflict with working nodes
> internet connections. Should I assign some IP-alias for default gateway
> for that nodes or something else?

make sure you can route the outbound traffic through the lvs cluster and then nat it to the external pool IP of that cluster

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -s some_internal_IP -o eth0 -j SNAT --to-source the_public_cluster_IP

you can add as many of the second lines as you see fit depending on how many internal boxes you have. Also remember that the default route for the internal boxes should be an IP that is floating so that in the event of one of your LVS's crashing you can still route outbound.

Hope that helps
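
Added example, not part of the original thread: a generator for the two commands in Tom Brown's message, one SNAT rule per internal host. It goes beyond the post by validating every address before emitting anything and by guarding each rule so a re-run does not append duplicates. The function names, the sample addresses and the `iptables -C` guard (assumes iptables 1.4.11 or later) are assumptions.

```shell
#!/bin/sh
# Added example: prints the gateway commands instead of running them.
# All addresses and the interface name used here are constructed placeholders.

# is_ipv4 ADDR: succeed only for a dotted quad whose octets are 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_snat_rules PUBLIC_IP EXT_IF INTERNAL_IP...
# Emits the forwarding switch plus one SNAT rule per internal host.
# Each rule is guarded with "iptables -C" (assumption: iptables >= 1.4.11)
# so that re-running the output does not append duplicates.
gen_snat_rules() {
    [ "$#" -ge 3 ] || { echo "usage: gen_snat_rules PUBLIC_IP EXT_IF INTERNAL_IP..." >&2; return 2; }
    public_ip=$1; ext_if=$2; shift 2
    is_ipv4 "$public_ip" || { echo "bad public IP: $public_ip" >&2; return 1; }
    case "$ext_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac
    # Validate every host first, so a typo yields no partial rule set.
    for host in "$@"; do
        is_ipv4 "$host" || { echo "bad internal IP: $host" >&2; return 1; }
    done
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    for host in "$@"; do
        rule="POSTROUTING -s $host -o $ext_if -j SNAT --to-source $public_ip"
        echo "iptables -t nat -C $rule 2>/dev/null || iptables -t nat -A $rule"
    done
}

# Constructed sample run: sh thisfile demo
if [ "${1:-}" = "demo" ]; then
    gen_snat_rules 192.0.2.10 eth0 10.0.0.11 10.0.0.12
fi
```

Review the printed commands before piping them to a root shell on each LVS node; a placeholder such as some_internal_IP left in the host list is rejected rather than passed to iptables.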