[SSI-users] Re: Re: iptables problem - RH9, OpenSSI 1.0.0

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

m=E5n 2005-01-24 klockan 08:26 -0800 skrev Bruce Walker:
> OpenSSI has LVS (also known as ipvs) integrated and it does packet
> filtering.  A few questions:
> a) Are you using CVIP/LVS at all (do you have an /etc/cvip.conf file?)?
> b) have you tried OpenSSI 1.2.0

Hello.

I've solved a number of problems that I've posted on this list,
including NFS and iptables, by upgrading to 1.2.0 and configuring CVIP
and HA-LVS. I have one other problem though, which I'll adress in a
separate thread. Thanks for all the help so far!

/Peter  =20

> I know we have done masquerading in conjunction with HA-LVS NAT but I'm
> not sure anyone has tried just the masquarading.  It should work but I
> don't know why it isn't for you.
>=20
> bruce
>=20
> [ Charset ISO-8859-15 unsupported, converting... ]
> > Hello.
> >=20
> > I just have to ask again - no one has any idea why the ipt_MASQUERADING
> > module fails to load? Does anyone have that module loaded on
> > 2.4.20-31.9_ssi_7smp / RH9?
> >=20
> > It seems the kernel is trying to load ipchains.o, which it shouldn't
> > since iptables already is active. Is there any part of the OpenSSI patc=
h
> > that touches packet filtering?
> >=20
> > /Peter
> >=20
> >=20
> > l?r 2005-01-15 klockan 17:09 +0100 skrev Peter Backlund:
> > > Hello.
> > >=20
> > > I'm having problems with ip masquerading on a RH9/ossi 1.0.0 based
> > > cluster. Here's how I usually enable NAT in /etc/rc.local:
> > >=20
> > > /sbin/iptables --table nat --flush
> > > /sbin/iptables --table nat --delete-chain
> > > /sbin/iptables --table nat --append POSTROUTING --out-interface eth0 =
-j
> > > MASQUERADE
> > > /sbin/iptables --append FORWARD --in-interface eth1 -j ACCEPT
> > > echo 1 > /proc/sys/net/ipv4/ip_forward
> > >=20
> > > With kernel 2.4.20-31.9_ssi_7smp, ipt_MASQUERADE fails to load with t=
he
> > > following error message:
> > >=20
> > > /lib/modules/2.4.20-31.9_ssi_7smp/kernel/net/ipv4/netfilter/ipchains.=
o:
> > > init_module: Device or resource busy
> > > Hint: insmod errors can be caused by incorrect module parameters,
> > > including invalid IO or IRQ parameters.
> > >       You may find more information in syslog or the output from dmes=
g
> > > /lib/modules/2.4.20-31.9_ssi_7smp/kernel/net/ipv4/netfilter/ipchains.=
o:
> > > insmod /lib/modules/2.4.20-31.9_ssi_7smp/kernel/net/ipv4/netfilter/ip=
chains.o failed
> > > /lib/modules/2.4.20-31.9_ssi_7smp/kernel/net/ipv4/netfilter/ipchains.=
o:
> > > insmod ipt_MASQUERADE failed
> > >=20
> > >=20
> > > Why would the kernel want to load ipchains.o at this point? With a no=
n-
> > > cluster kernel, this approach works fine. No problems with loading th=
is
> > > module.
> > >=20
> > > /Peter Backlund
> > >=20
> > >=20
> > >=20
> > > -------------------------------------------------------
> > > The SF.Net email is sponsored by: Beat the post-holiday blues
> > > Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
> > > It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
> >=20
> >=20
> >=20
> >=20
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> > Tool for open source databases. Create drag-&-drop reports. Save time
> > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> > Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> > _______________________________________________
> > Ssic-linux-users mailing list
> > Ssi...@li...
> > https://lists.sourceforge.net/lists/listinfo/ssic-linux-users
> >=20
>=20
>=20
> -------------------------------------------------------
> This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> Tool for open source databases. Create drag-&-drop reports. Save time
> by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> Download a FREE copy at http://www.intelliview.com/go/osdn_nl