# Setup: start from an empty IPVS table, then define one TCP virtual service
# with a single real server behind it.
# NOTE: --clear removes every virtual service on this host, not only the ones
# created here; skip it on a director that already carries traffic.
sudo ipvsadm --clear
# --restore reads one rule per line from stdin, in the form `ipvsadm -S` prints.
#   -A  add the virtual service (VIP:port); no -s given, so the default
#       scheduler applies
#   -a  attach a real server (-r) to that service
#   -m  forward with masquerading (NAT)
# Assumes 169.254.254.1 is already configured on a local interface (not shown
# in these notes).
# The attempt recorded further down ran with ip_forward=1, ACCEPT policies on
# every chain and an unrestricted `-A POSTROUTING -j MASQUERADE`; narrow that
# rule to the balanced traffic before using this anywhere but a test box.
sudo ipvsadm --restore <<'EOF'
-A -t 169.254.254.1:80
-a -t 169.254.254.1:80 -r 173.194.41.131:80 -m
EOF

# Add a host: attach a second real server to the existing virtual service.
sudo ipvsadm --restore <<'EOF'
-a -t 169.254.254.1:80 -r 173.194.41.132:80 -m
EOF

# Remove a host: -d detaches one real server and leaves the service in place.
sudo ipvsadm --restore <<'EOF'
-d -t 169.254.254.1:80 -r 173.194.41.131:80
EOF

# Read list of services and hosts, in restorable form with numeric
# addresses and ports (no name lookups).
sudo ipvsadm --save --numeric
--- Notes from original attempt --- | |
# ip a s dev lo | |
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN | |
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 | |
inet 127.0.0.1/8 scope host lo | |
inet 127.0.0.2/32 scope host lo | |
inet6 ::1/128 scope host | |
valid_lft forever preferred_lft forever | |
# sysctl net.ipv4.ip_forward net.ipv4.vs.conntrack | |
net.ipv4.ip_forward = 1 | |
net.ipv4.vs.conntrack = 1 | |
# iptables -S | |
-P INPUT ACCEPT | |
-P FORWARD ACCEPT | |
-P OUTPUT ACCEPT | |
# iptables -S -t nat | |
-P PREROUTING ACCEPT | |
-P INPUT ACCEPT | |
-P OUTPUT ACCEPT | |
-P POSTROUTING ACCEPT | |
-A POSTROUTING -j MASQUERADE | |
# ipvsadm -Sn | |
-A -t 127.0.0.1:80 -s wlc | |
-a -t 127.0.0.1:80 -r 173.194.41.131:80 -m -w 1 | |
-a -t 127.0.0.1:80 -r 173.194.41.132:80 -m -w 1 | |
-a -t 127.0.0.1:80 -r 173.194.41.133:80 -m -w 1 | |
-A -t 127.0.0.2:80 -s wlc | |
-a -t 127.0.0.2:80 -r 173.194.41.131:80 -m -w 1 | |
-a -t 127.0.0.2:80 -r 173.194.41.132:80 -m -w 1 | |
-a -t 127.0.0.2:80 -r 173.194.41.133:80 -m -w 1 | |
-A -t 172.16.100.128:80 -s wlc | |
-a -t 172.16.100.128:80 -r 173.194.41.131:80 -m -w 1 | |
-a -t 172.16.100.128:80 -r 173.194.41.132:80 -m -w 1 | |
-a -t 172.16.100.128:80 -r 173.194.41.133:80 -m -w 1 | |
$ for s in 127.0.0.2 127.0.0.1 172.16.100.128 173.194.41.131 173.194.41.132 173.194.41.133; do curl -sf $s >/dev/null; echo $?; done | |
7 | |
7 | |
0 | |
0 | |
0 | |
0 | |
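=> Works for the VIP on the host's own address (172.16.100.128) and for the real servers directly; both loopback VIPs (127.0.0.2, 127.0.0.1) fail with curl exit code 7 (could not connect).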
=> Gaaaaaaaaah. | |
net/netfilter/ipvs/ip_vs_xmit.c: | |
if (unlikely(!local && ipv4_is_loopback(ip_hdr(skb)->saddr))) { | |
IP_VS_DBG_RL("Stopping traffic from loopback address %pI4 " | |
"to non-local address, dest: %pI4\n", | |
&ip_hdr(skb)->saddr, &daddr); | |
ip_rt_put(rt); | |
return NULL; | |
} | |
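=> Use link-local addresses! IPVS drops a packet whose source address is loopback when the selected real server is not local, so a VIP in 127.0.0.0/8 cannot forward local clients to remote hosts. With a link-local VIP such as 169.254.254.1 (as in the setup at the top), the local client's source address should no longer be a loopback one, so this check does not fire.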