LVS or Linux Virtual Server is a great way to balance the load of your servers, and also could be a way to in someway secure them, but you are also given the hackers a way to attack you with DOS attacks.
Get the code
Debian / Ubuntu
apt-get install ipvsadm
RedHat based (Fedora, CentOS)
yum install ipvsadm
Configure the director
As we are going to route traffic across the director, and the default gatways of the real server are going to be the Director IP, we need to enable IP Forward on the Director
echo “1” >/proc/sys/net/ipv4/ip_forward
Now configure the service we are going to forward (in this case http) and with round robin.
ipvsadm -A -t 220.127.116.11:80 -s rr
And configure the multiple server (or just one if you want)
ipvsadm -a -t 18.104.22.168:80 -r 192.168.1.2:80 -m -w 1 ipvsadm -a -t 22.214.171.124:80 -r 192.168.1.3:80 -m -w 1
Configure de real Servers
Be sure the default Gateway of the real servers is the Dirctor, with this
route add default gw 192.168.1.1
you can use
route del default gw xxx.yyy.zzz.www first to delete your old default gatway, use this with care if you are logged remotely, you can loose access to your servers.
Now test the connections, you can use tcpdump
tcpdump -i any -s 1500 -w file.cap
to catch the packages on the director and on the real servers and then use ethereal or wireshark to study these files.
but you can also use
with no parameters, to see the active and inactive connections.
For more info use
you can also read this: http://www.austintek.com/LVS/LVS-HOWTO/mini-HOWTO/LVS-mini-HOWTO.html http://www.ultramonkey.org/papers/lvs_tutorial/html/