LVS, or Linux Virtual Server, is a great way to balance the load across your servers, and it can also be a way to shield them to some degree, but you are also giving attackers a single point to hit with DoS attacks.

Get the code

Debian / Ubuntu

apt-get install ipvsadm

RedHat based (Fedora, CentOS)

yum install ipvsadm

The scenario

             __________
            | Internet |
             ----------
                 |
         ________________
        | 166.114.152.10 |
        |    Director    |
        | 192.168.1.1    |
         ----------------
                 |
        ---------------------
        |                   |
 ---------------     ----------------
| 192.168.1.2   |   | 192.168.1.3    |
| Real Server 1 |   | Real Server 2  |
 ---------------     ----------------

Configure the director

As we are going to route traffic through the director, and the default gateway of each real server is going to be the director's IP, we need to enable IP forwarding on the director:

echo "1" > /proc/sys/net/ipv4/ip_forward

Now configure the service we are going to forward (in this case HTTP) with round-robin scheduling:

ipvsadm -A -t 166.114.152.10:80 -s rr

And add the real servers (one or more):

ipvsadm -a -t 166.114.152.10:80 -r 192.168.1.2:80 -m -w 1
ipvsadm -a -t 166.114.152.10:80 -r 192.168.1.3:80 -m -w 1

Configure the real servers

Be sure the default gateway of the real servers is the director; you can set it with this:

route add default gw 192.168.1.1

You can use

route del default gw xxx.yyy.zzz.www

first to delete your old default gateway. Use this with care if you are logged in remotely: you can lose access to your servers.

Now test the connections. You can use tcpdump

tcpdump -i any -s 1500 -w file.cap

to capture the packets on the director and on the real servers, and then use Ethereal or Wireshark to study these files.

But you can also run

ipvsadm

with no parameters, to see the active and inactive connections.
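As an added example (not part of the original post), here is a small Python parser for the table that ipvsadm -L -n prints on the director, which turns the active and inactive connection counts into something you can alert on. The sample output is constructed to match the two real servers above; the thresholds are assumptions you should tune to your own traffic.

```python
import re

# Constructed sample of `ipvsadm -L -n` output for the director on this page.
SAMPLE = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  166.114.152.10:80 rr
  -> 192.168.1.2:80               Masq    1      3          10
  -> 192.168.1.3:80               Masq    1      2          412
"""

SERVICE_RE = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)")
REAL_RE = re.compile(r"^\s+->\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)")


def parse_ipvsadm(text):
    """Return {(proto, vip:port): {"scheduler": str, "real": [...]}}."""
    services = {}
    current = None
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            current = (m.group(1), m.group(2))
            services[current] = {"scheduler": m.group(3), "real": []}
            continue
        m = REAL_RE.match(line)
        if m and current is not None:
            services[current]["real"].append({
                "addr": m.group(1), "forward": m.group(2),
                "weight": int(m.group(3)), "active": int(m.group(4)),
                "inactive": int(m.group(5)),
            })
    return services


def find_suspicious(services, max_ratio=20.0, min_inactive=100):
    """Flag real servers whose non-established (inactive) connections dwarf
    the established ones. IPVS counts SYN_RECV/TIME_WAIT etc. as inactive,
    so a pile of half-open connections with few active ones is the usual
    footprint of a SYN flood hitting the VIP. Thresholds are assumptions."""
    flagged = []
    for (proto, vip), svc in services.items():
        for rs in svc["real"]:
            if rs["inactive"] >= min_inactive and \
               rs["inactive"] > max_ratio * max(rs["active"], 1):
                flagged.append((f"{proto} {vip}", rs["addr"]))
    return flagged
```

Feed it the real output with parse_ipvsadm(subprocess.check_output(["ipvsadm", "-L", "-n"], text=True)) from a cron job or monitoring check.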

For more info, use

man ipvsadm

You can also read these:

http://www.austintek.com/LVS/LVS-HOWTO/mini-HOWTO/LVS-mini-HOWTO.html
http://www.ultramonkey.org/papers/lvs_tutorial/html/