SoFunction
Updated on 2025-04-12

IP port forwarding in cluster configuration

IP port forwarding in cluster configuration

 
IP port forwarding is the most critical step in cluster configuration, and users must flexibly handle it according to their own situation. Here we explain it in two parts: configuration content and configuration process.

Configuration content

Here we will simulate the web services and FTP services that access the host in the private network from the client to verify whether different machines can be accessed. The usage rules of IPVS are shown in Table 1.

/sbin/depmod -a/sbin/modprobe ip_masq_ftp/sbin/modprobe ip_masq_portfw.oecho "1" > /proc/sys/net/ipv4/ip_forward #Open IP Forwardingiptables -A forward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0 #Please carry forward the packet of interface 10.44.110.209 to 192.168.0.2 (Real Server 1)#TCP:port 80/usr/sbin/ipmasqadm portfw -a -P tcp -L  10.44.110.209 80 -R 192.168.0.2 80 -p 1#port forward the packet of interface 10.44.110.209 to 192.168.0.3 (Real server2)#FTP:port 21/usr/sbin/ipmasqadm portfw -a -P tcp -L 10.44.110.209 21 -R 192.168.0.3 21 -p 1/usr/sbin/ipmasqadm portfw -a -P tcp -L 10.44.110.209 80 -R 192.168.0.3 80 -p 2/usr/sbin/ipmasqadm -A  -t 10.44.110.209:80 -s wlc #Weighted Least-Connection scheduling scheduling method/usr/sbin/ipmasqadm -A -t 10.44.110.209:21 -s wrr #Weighted Round Robing scheduling scheduling

Table 1 shows the work that IPVS needs to do. The virtual server itself does not have server software installed and cannot provide corresponding service content, but it can forward all TCP-based web requests (port 80) accessing 10.44.110.209 to two real servers, 192.168.0.2 and 192.168.0.3, for processing. After execution, it returns the result to the client. Similarly, it forwards the FTP service request from port 21 to 192.168.0.3, which is processed by a real server with IP address 192.168.0.3, and returns the result.

Configuration process

First configure the IP address, gateway, etc. of the load balancing server. The commands are as follows:
    #ifconfig eth0 10.44.110.209 netmask 255.255.255.0 broadcast 10.44.110.255

Then create the /etc// file according to the following rules:

/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_portfw.o
echo "1" > /proc/sys/net/ipv4/ip_forward 
#Open IP Forwarding first
iptables -A forward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0 
#Perform IP disguise

#port forward the packet of interface 10.44.110.209
to 192.168.0.2 (Real Server 1)
#TCP:port 80
/usr/sbin/ipmasqadm portfw -a -P tcp
-L 10.44.110.209 80 -R 192.168.0.2 80 -p 1

#port forward the packet of interface
10.44.110.209 to 192.168.0.3 (Real Server 2)
#FTP:port 21
/usr/sbin/ipmasqadm portfw -a -P
tcp -L 10.44.110.209 21 -R 192.168.0.3 21 -p 1
/usr/sbin/ipmasqadm portfw -a -P
tcp -L 10.44.110.209 80 -R 192.168.0.3 80 -p 2

/usr/sbin/ipmasqadm -A -t 10.44.110.209:80
-s wlc #Weighted Least-Connection scheduling
/usr/sbin/ipmasqadm -A -t 10.44.110.209:21
-s wrr #Weighted Round Robing scheduling
 


After editing the file, run the following command to increase the executable permissions of the file:
    #chmod 700 /etc//

Then add the following line to the /etc// file, so that the IP camouflage module will be activated every time the machine is restarted:
    /etc//

So far, the basic settings on the virtual server have been completed. Next, let’s take a look at how to configure it on the real server of the private network.

[1]

Article entry: csh     Editor in charge: csh