IP port forwarding in cluster configuration

IP port forwarding in cluster configuration

IP port forwarding is the most important step in cluster configuration. You need to flexibly handle it according to your own situation. This section describes the configuration content and configuration process.

Configuration content

Here, we will simulate accessing the Web Services and FTP services of hosts in the private network from the client to verify whether different machines can be accessed. The rules for using IPVS are shown in table 1.

 
  
/Sbin/depmod-a/sbin/modprobe ip_masq_ftp/sbin/modprobe forward "1">/proc/sys/net/ipv4/ip_forward # open IP Forwardingiptables-A forward-j first MASQ-s 192.168.0.0/24-d 0.0.0.0/0 # mask IP # port forward the packet of interface 10.44.110.209 to 192.168.0.2 (Real Server 1) # TCP: port 80/usr/sbin/ipmasqadm portfw-a-P tcp-L 10.44.110.209 80-R 192.168.0.2 80-p 1 # port forward the packet of interface 10.44.110.209 to 192.168.0.3 (Real Server 2) # FTP: port 21/usr/sbin/ipmasqadm portfw-a-P tcp-L 10.44.110.209 21-R 192.168.0.3 21-p 1/usr/sbin/ipmasqadm portfw-a-P tcp-L 10.44.110.209 80-R 192.168.0.3 80-p 2/usr/sbin/ipmasqadm-A-t 10.44.110.209: 80-s wlc # Weighted Least-Connection scheduling mode/usr/sbin/ipmasqadm-A-t 10.44.110.209: 21-s wrr # Weighted Round Robing scheduling mode
 

Table 1 shows the work to be done by IPVS. The virtual server itself does not have server software installed and cannot provide the corresponding service content, but it can send all TCP-based Web requests (port 80) that access 10.44.110.209) it is forwarded to two real servers, 192.168.0.2 and 192.168.0.3 for processing. After execution, it returns the result to the client. Similarly, it forwards the FTP service request from port 21 to 192.168.0.3, which is processed by the real server with the IP address 192.168.0.3 and returns the result.

Configuration process

First, configure the IP address and gateway of the Server Load balancer server. The command is as follows:
# Ifconfig eth0 10.44.110.209 netmask 255.255.255.0 broadcast 10.44.110.255

Create the/etc/rc. d/rc. firewall file according to the following rules:

/Sbin/depmod-
/Sbin/modprobe ip_masq_ftp
/Sbin/modprobe ip_masq_portfw.o
Echo "1">/proc/sys/net/ipv4/ip_forward
# Enable IP Forwarding first
Iptables-A forward-j MASQ-s 192.168.0.0/24-d 0.0.0.0/0
# Mask IP addresses

# Port forward the packet of interface 10.44.110.209
To 192.168.0.2 (Real Server 1)
# TCP: port 80
/Usr/sbin/ipmasqadm portfw-a-P tcp
-L 10.44.110.209 80-R 192.168.0.2 80-p 1

# Port forward the packet of interface
10.44.110.209 to 192.168.0.3 (Real Server 2)
# FTP: port 21
/Usr/sbin/ipmasqadm portfw-a-P
Tcp-L 10.44.110.209 21-R 192.168.0.3 21-p 1
/Usr/sbin/ipmasqadm portfw-a-P
Tcp-L 10.44.110.209 80-R 192.168.0.3 80-p 2

/Usr/sbin/ipmasqadm-A-t 10.44.110.209: 80
-S wlc # Weighted Least-Connection scheduling Method
/Usr/sbin/ipmasqadm-A-t 10.44.110.209: 21
-S wrr # Weighted Round Robing scheduling Method

After editing the file, run the following command to add the executable permissions of the file:
# Chmod 700/etc/rc. d/rc. firewall

Add the following line to the/etc/rc. d/rc. local file, so that the IP camouflage module is activated every time the machine is restarted:
/Etc/rc. d/rc. firewall

So far, the basic settings on the virtual server have been completed. Next, let's see how to configure the server on the private network.

[1]

Article entry: csh responsible editor: csh