VS/DR + Keepalived 同机房能访问,外面却无法访问
环境
Dip: 142.4.115.1 VIP: 142.4.115.10
RIP:142.4.115.2 142.4.115.3
3台服务器 iptables 和 selinux 都已经关闭
故障:
现在同机房的 IP 能访问,外网的 IP 无法访问 (PS:怀疑是不是路由器或者交换机的防火墙设置有关系)
ipvsadm -lnc
//下面属于同机房的,可以正常访问,同机房的其他不同网段的ip都可以访问
TCP 01:54 FIN_WAIT 199.188.119.60:55631 142.4.115.10:80 142.4.115.2:80
TCP 14:58 ESTABLISHED 199.188.119.60:55630 142.4.115.10:80 142.4.115.3:80
//不同机房 ,无法访问,我自己本地访问服务器也无法访问
TCP 00:54 SYN_RECV 50.63.141.11:65400 142.4.115.10:80 142.4.115.3:80
TCP 00:54 SYN_RECV 50.63.141.11:65399 142.4.115.10:80 142.4.115.2:80
tcpdump
同机房的访问
21:51:37.184953 IP 199.188.119.60.57965 > 142.4.115.10.http: Flags [P.], seq 4232792162:4232792504, ack 2341927796, win 16425, length 342
21:51:37.184964 IP 199.188.119.60.57965 > 142.4.115.10.http: Flags [P.], seq 0:342, ack 1, win 16425, length 342
21:51:37.190154 IP 199.188.119.60.57965 > 142.4.115.10.http: Flags [.], ack 292, win 16352, length 0
21:51:37.190163 IP 199.188.119.60.57965 > 142.4.115.10.http: Flags [.], ack 292, win 16352, length 0
21:51:37.190169 IP 199.188.119.60.57965 > 142.4.115.10.http: Flags [F.], seq 342, ack 292, win 16352, length 0
21:51:37.190171 IP 199.188.119.60.57965 > 142.4.115.10.http: Flags [F.], seq 342, ack 292, win 16352, length 0
不同机房的无法访问
21:53:43.031085 IP 50.63.141.11.65404 > 142.4.115.10.http: Flags [S], seq 1581394184, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
21:53:43.031102 IP 50.63.141.11.65404 > 142.4.115.10.http: Flags [S], seq 1581394184, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
21:53:43.284117 IP 50.63.141.11.65405 > 142.4.115.10.http: Flags [S], seq 1490829116, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
21:53:43.284129 IP 50.63.141.11.65405 > 142.4.115.10.http: Flags [S], seq 1490829116, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
21:53:46.037449 IP 50.63.141.11.65404 > 142.4.115.10.http: Flags [S], seq 1581394184, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
21:53:46.037459 IP 50.63.141.11.65404 > 142.4.115.10.http: Flags [S], seq 1581394184, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
21:53:46.290326 IP 50.62.141.11.65405 > 142.4.114.10.http: Flags [S], seq 1490829116, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
21:53:46.290335 IP 50.62.141.11.65405 > 142.4.114.10.http: Flags [S], seq 1490829116, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
21:53:52.036220 IP 50.62.141.11.65404 > 142.4.114.10.http: Flags [S], seq 1581394184, win 8192, options [mss 1460,nop,nop,sackOK], length 0
请大家帮忙看看!!!