From: Joseph R. <spq...@ya...> - 2014-10-31 20:48:59
Have you considered using IPTables? In my environment I have the web-servers sit behind the LB just like you. I use a l4xnat as my inbound VIP to load balance the load over my servers. However my servers need to make public outbound web-service calls. So to do that I have IPTables just NAT the source traffic as it leaves. I like to control my traffic so I use destination based rules that only NAT the traffic when going to specific web-service destinations.

Inbound is handled by Zen and the l4xnat (inbound and the response)
Outbound is handled by iptables (traffic that originates from my internal servers)

Also since your ZenLB is sitting on the public internet you should have IPTables protecting your public IPs.

Joseph

________________________________
From: DavidW <wy...@ho...>
To: zen...@li...
Sent: Friday, October 31, 2014 12:52 PM
Subject: Re: [Zenloadbalancer-support] How does my web server access external when I use l4xnat?

But with L4XNAT, I need to set the gateway of my server to 192.168.0.4 like below, right? Or do I misunderstand here? It is set to 192.168.0.4, does it know to go to outside through 192.168.0.6?

From: Justin Bennett [mailto:jbe...@ms...]
Sent: October-31-14 12:30 PM
To: zen...@li...
Subject: Re: [Zenloadbalancer-support] How does my web server access external when I use l4xnat?

Hi David,

I’d say adding a new virtual eth4:6 connection and create a new IP, maybe 192.168.0.6 – or whatever is not in use, then assign it as a DATALINK Farm to the 65.x.x.222 GW. You could then test it with a laptop and shouldn’t interfere with production. Just give your laptop its own unused 192.168.0.x IP and assign the 192.168.0.6 as its default gateway. See how it fares.

-Justin

From: DavidW [mailto:wy...@ho...]
Sent: Friday, October 31, 2014 10:34 AM
To: zen...@li...
Subject: Re: [Zenloadbalancer-support] How does my web server access external when I use l4xnat?

Hi, Justin,

Right, there is no firewall, I connect one network card of the ZEN to my ISP, it gives me a range of IPs like below

IP Range: 65.x.x.193 - 65.x.x.215
Gateway: 65.x.x.222
Mask: 255.255.255.224
DNS: 65.x.x.1

And I set up ZEN like below, now the inbound works fine, for example, I can access my web server at 192.168.0.22 by IP 65.x.x.203

But I have no clue how to set up so a browser on a server like 192.168.0.22 can access outside sites through any external IP

From: Justin Bennett [mailto:jbe...@ms...]
Sent: October-31-14 10:04 AM
To: zen...@li...
Subject: Re: [Zenloadbalancer-support] How does my web server access external when I use l4xnat?

Hi David,

From your post I responded to, it didn’t appear you had a router or firewall between your Zen Load Balancer and your internet. Is that correct?

-Justin

From: DavidW [mailto:wy...@ho...]
Sent: Friday, October 31, 2014 9:27 AM
To: zen...@li...
Subject: Re: [Zenloadbalancer-support] How does my web server access external when I use l4xnat?

Thanks Justin and Emilio

So do I need a DATALINK or not? Since my ZEN is on production, I want to prevent changes that could compromise it.

David

From: Emilio Campos [mailto:emi...@gm...]
Sent: October-31-14 5:26 AM
To: zen...@li...
Subject: Re: [Zenloadbalancer-support] How does my web server access external when I use l4xnat?

It is a routing issue, if zen works as gateway then review the zen routing table and ensure that the backends net is routable through your firewalls / routers.

Regards!

2014-10-30 19:34 GMT+01:00 Justin Bennett <jbe...@ms...>:

Do you have a DATALINK configured for the uplink 192.168.0.4, since you have your webserver configured to use it as its gateway?

Check out this example – of course you don’t need dual paths, but you need to assign the Farm DATALINK.

http://www.zenloadbalancer.com/quick-start-guide-for-uplinks-load-balancing-with-zen-load-balancer/

FARMS

Now it’s time to create a new datalink farm using the interface which the clients will request the outgoing connections to the internet (for this example, eth1), through the Manage::Farms section. After clicking Save button, the farm will be created.

Editing the global parameters of our brand new datalink farm we’ve to select the right algorithm to be used. In our case, we’ve to select the Weight Algorithm to be balanced the both uplinks according to the weight value of each uplink. Also, a Priority Algorithm could be used to build an active-passive fault tolerance uplink balancer with different providers.

Finally, we’ve to configure our backends. For uplinks load balancing the real servers will be the routers that supply the real access to the internet with the correspondent interface and weight or priority value.

Figure 1 - Configure your Default GW 65.21.231.222

Justin Bennett
Supervisor of Network Technology
Information Technology
jbe...@ms...
Mt. San Jacinto College
Phone 951-639-5090
http://www.msjc.edu

Security Notice: MSJC Information Technology Staff will never ask for your password. Keep your passwords private to protect yourself and the security of our network.

From: DavidW [mailto:wy...@ho...]
Sent: Thursday, October 30, 2014 11:05 AM
To: zen...@li...
Subject: Re: [Zenloadbalancer-support] How does my web server access external when I use l4xnat?

Could someone help here? Thanks

All my servers are in internal network with IP in range 192.168.0.*, ZEN setup like below

eth4 192.168.0.4 255.255.255.0
eth5 65.21.231.193 255.255.255.224 -
eth5:197 65.21.231.197 255.255.255.224

default gateway is 65.21.231.222

my web server set like this

IP: 192.168.0.22
Gateway: 192.168.0.4

I can access my webserver by external IP 197 65.21.231.197 with farm set with l4xnat

But how I set it so it can direct traffic for outgoing connection?

From: DavidW [mailto:wy...@ho...]
Sent: October-29-14 4:19 PM
To: zen...@li...
Subject: [Zenloadbalancer-support] How does my web server access external when I use l4xnat?

It seems I need to use L4XNAT, but with that, I need to set the gateway of my web server to the IP of my ZEN server. Now I can visit my web site from outside. But when I try to access other web site from browser in the web server, I cannot, I guess traffic sent to the ZEN server, but ZEN server doesn’t forward to outside. What should I do?

Thanks

WARNING
________________________________
This email did not originate from the Mt. San Jacinto College network and should be viewed with caution. Please note that computer viruses and phishing attempts can be transmitted via email. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. If you have any questions or concerns about this email, please contact the MSJC Information Technology helpdesk at hel...@ms... or (951) 639-5344.

_______________________________________________
Zenloadbalancer-support mailing list
Zen...@li...
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support

--
Load balancer distribution - Open Source Project
http://www.zenloadbalancer.com
Distribution list (subscribe): zen...@li...
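
The destination-scoped outbound NAT that Joseph's reply describes could look like the following; this is an added example, not configuration posted by anyone in the thread. The interface names, the 192.168.0.0/24 range and the 65.21.231.193 address are the ones quoted in the thread; the two web-service destinations are constructed documentation addresses, and the FORWARD filter around the NAT rules is an assumption about how other backend-originated traffic should be treated.

```shell
#!/bin/sh
# Added example: destination-scoped SNAT for connections that backends originate.
# Interface names, the LAN range and the SNAT address are the ones quoted in the
# thread; WS_DESTS holds constructed documentation addresses (assumption).
LAN_IF="eth4"; WAN_IF="eth5"
LAN_NET="192.168.0.0/24"
SNAT_IP="65.21.231.193"
WS_DESTS="203.0.113.10:443 198.51.100.20:443"

# Accept only a single IPv4 host and a numeric port, so a typo such as a CIDR
# or an empty field cannot silently widen the NAT scope.
valid_dest() {
    host=${1%:*}; port=${1##*:}
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    case $host in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $host; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Print the iptables commands; nothing is emitted unless every entry validates.
emit_rules() {
    for dest in $WS_DESTS; do
        valid_dest "$dest" || { echo "invalid destination: $dest" >&2; return 1; }
    done
    # Replies for flows already tracked (including answers to inbound farm
    # traffic) keep passing in both directions.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for dest in $WS_DESTS; do
        host=${dest%:*}; port=${dest##*:}
        match="-o $WAN_IF -s $LAN_NET -d $host -p tcp --dport $port"
        echo "iptables -A FORWARD -i $LAN_IF $match -j ACCEPT"
        echo "iptables -t nat -A POSTROUTING $match -j SNAT --to-source $SNAT_IP"
    done
    # Any other new connection from the backends to the internet is dropped.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j DROP"
}

# Default is a dry run that prints the rules; APPLY=1 as root executes them.
if [ "${APPLY:-0}" = 1 ]; then emit_rules | sh; else emit_rules; fi
```

Review the printed rules against the load balancer's existing ruleset before applying them, since rules added with `-A` are evaluated after whatever is already in the chain.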