[SSI-users] Re: Re: iptables problem - RH9, OpenSSI 1.0.0
Brought to you by:
brucewalker,
rogertsang
From: Peter B. <pet...@ho...> - 2005-01-26 17:19:21
|
m=E5n 2005-01-24 klockan 08:26 -0800 skrev Bruce Walker: > OpenSSI has LVS (also known as ipvs) integrated and it does packet > filtering. A few questions: > a) Are you using CVIP/LVS at all (do you have an /etc/cvip.conf file?)? > b) have you tried OpenSSI 1.2.0 Hello. I've solved a number of problems that I've posted on this list, including NFS and iptables, by upgrading to 1.2.0 and configuring CVIP and HA-LVS. I have one other problem though, which I'll adress in a separate thread. Thanks for all the help so far! /Peter =20 > I know we have done masquerading in conjunction with HA-LVS NAT but I'm > not sure anyone has tried just the masquarading. It should work but I > don't know why it isn't for you. >=20 > bruce >=20 > [ Charset ISO-8859-15 unsupported, converting... ] > > Hello. > >=20 > > I just have to ask again - no one has any idea why the ipt_MASQUERADING > > module fails to load? Does anyone have that module loaded on > > 2.4.20-31.9_ssi_7smp / RH9? > >=20 > > It seems the kernel is trying to load ipchains.o, which it shouldn't > > since iptables already is active. Is there any part of the OpenSSI patc= h > > that touches packet filtering? > >=20 > > /Peter > >=20 > >=20 > > l?r 2005-01-15 klockan 17:09 +0100 skrev Peter Backlund: > > > Hello. > > >=20 > > > I'm having problems with ip masquerading on a RH9/ossi 1.0.0 based > > > cluster. Here's how I usually enable NAT in /etc/rc.local: > > >=20 > > > /sbin/iptables --table nat --flush > > > /sbin/iptables --table nat --delete-chain > > > /sbin/iptables --table nat --append POSTROUTING --out-interface eth0 = -j > > > MASQUERADE > > > /sbin/iptables --append FORWARD --in-interface eth1 -j ACCEPT > > > echo 1 > /proc/sys/net/ipv4/ip_forward > > >=20 > > > With kernel 2.4.20-31.9_ssi_7smp, ipt_MASQUERADE fails to load with t= he > > > following error message: > > >=20 > > > /lib/modules/2.4.20-31.9_ssi_7smp/kernel/net/ipv4/netfilter/ipchains.= o: > > > init_module: Device or resource busy > > > Hint: insmod errors can be caused by incorrect module parameters, > > > including invalid IO or IRQ parameters. > > > You may find more information in syslog or the output from dmes= g > > > /lib/modules/2.4.20-31.9_ssi_7smp/kernel/net/ipv4/netfilter/ipchains.= o: > > > insmod /lib/modules/2.4.20-31.9_ssi_7smp/kernel/net/ipv4/netfilter/ip= chains.o failed > > > /lib/modules/2.4.20-31.9_ssi_7smp/kernel/net/ipv4/netfilter/ipchains.= o: > > > insmod ipt_MASQUERADE failed > > >=20 > > >=20 > > > Why would the kernel want to load ipchains.o at this point? With a no= n- > > > cluster kernel, this approach works fine. No problems with loading th= is > > > module. > > >=20 > > > /Peter Backlund > > >=20 > > >=20 > > >=20 > > > ------------------------------------------------------- > > > The SF.Net email is sponsored by: Beat the post-holiday blues > > > Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. > > > It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt > >=20 > >=20 > >=20 > >=20 > > ------------------------------------------------------- > > This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting > > Tool for open source databases. Create drag-&-drop reports. Save time > > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. > > Download a FREE copy at http://www.intelliview.com/go/osdn_nl > > _______________________________________________ > > Ssic-linux-users mailing list > > Ssi...@li... > > https://lists.sourceforge.net/lists/listinfo/ssic-linux-users > >=20 >=20 >=20 > ------------------------------------------------------- > This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting > Tool for open source databases. Create drag-&-drop reports. Save time > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. > Download a FREE copy at http://www.intelliview.com/go/osdn_nl |