
LVS-NAT without the LVS server being the default gateway

  • 24-09-2013 9:20pm
    #1
    Registered Users, Registered Users 2 Posts: 10,288 ✭✭✭✭


    Hi all,

    Looking for help on this one guys.
    I've a LVS-NAT test environment setup like the below:


    [Image: network diagram of the test environment]

    The above works fine when the real server's default GW is the DIP, which is the expected setup for LVS-NAT.

    What I'm trying to achieve is that the real servers use a 192.168.253.252 gw instead, allowing access to the server (ssh, httpd etc) from the dev pcs/monitoring servers AND for it to be load-balanced via the CIP->VIP->DIP->RIP->DIP->VIP->CIP

    How can I achieve this, or is it even possible?


    I want to be able to hit the webservers directly for patching/ssh/Opsview monitoring etc from the 'inside' BUT to also have the LVS-NAT setup from the inside too.
    LVS-DR is not an option for security reasons.

    I've followed this guide and tried creating a routing table in /etc/iproute2/rt_table and created the routes and rules with ip route and ip rule


    root@server:~# ip route add default via 192.168.253.97 dev eth0 table loadbalancer
    root@server:~# ip route list table loadbalancer
    default via 192.168.253.97 dev eth0

    Played with the fwmarks, no joy. :(
    Still getting my head around iptables!



    I *think* where I'm falling over is the DIP is in the same subnet as the realservers and they ignore any GW routes I define (I assume that's normal behavior)

    Has to be a routing issue but I'm stumped right now.

    Forgive me if I've omitted anything (long day!) but I can update with more info if needed.

    The above is in a VMware environment if that helps, RHEL 6.4 all round.

    Cheers guys/gals! :)

    :-)
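One way to set up the split return path asked about above, as an added example that is not from the thread: LVS-NAT leaves the client's source address unchanged, so the real server tags connections by the director's source MAC and routes only their replies through the `loadbalancer` table. The mark value, the function names and the `DIRECTOR_MAC` placeholder are assumptions; the table name, DIP and interface come from the post.

```shell
#!/bin/sh
# Added example, not from the thread. Intended for each real server (RIP).
# From the post: table "loadbalancer" (already declared under /etc/iproute2/),
# DIP 192.168.253.97, interface eth0.
# Assumptions: mark value 1; DIRECTOR_MAC is a constructed placeholder for the
# MAC address of the director's DIP interface.
DIP=192.168.253.97
DEV=eth0
TABLE=loadbalancer
MARK=1
DIRECTOR_MAC=${DIRECTOR_MAC:-02:00:00:00:00:01}

# Accept only a well-formed MAC, since the value ends up in generated commands.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the commands (review them, then pipe to "sh -x" as root to apply):
# 1) the table's only route is a default via the DIP,
# 2) packets carrying the mark are routed with that table,
# 3) connections delivered by the director are tagged in conntrack,
# 4) the tag is copied onto locally generated reply packets.
lvs_return_path_cmds() {
    valid_mac "$DIRECTOR_MAC" || { echo "bad DIRECTOR_MAC" >&2; return 1; }
    cat <<EOF
ip route replace default via $DIP dev $DEV table $TABLE
ip rule add fwmark $MARK table $TABLE
iptables -t mangle -A PREROUTING -i $DEV -m mac --mac-source $DIRECTOR_MAC -j CONNMARK --set-mark $MARK
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
EOF
}

# Read "ip rule list" output on stdin; succeed only if the fwmark rule for
# $TABLE is evaluated before the main table. Otherwise replies still follow
# the main table's routes and bypass the director.
rule_precedes_main() {
    awk -v t="$TABLE" -v m="$(printf '0x%x' "$MARK")" '
        $0 ~ ("fwmark " m " lookup " t "( |$)") { seen = 1 }
        /lookup main/ { exit }
        END { exit !seen }'
}
```

After applying, `ip rule list | rule_precedes_main` confirms the rule ordering; direct ssh or monitoring connections arrive from other MAC addresses, stay unmarked and keep using the main table.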


Comments

  • Registered Users, Registered Users 2 Posts: 10,288 ✭✭✭✭Standard Toaster


    Abandoning this idea and going the normal route (eg DIP as the GW).
    Got it to work in the end but too much hassle to configure and in long run, not really a goer.

