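After finishing the experiment by following " ", I wanted to open one more service on the real server, for example port 21. This problem troubled me for a long time. I could not find any ready-made material by searching, and I also asked about it on this forum ( ). Only after reading a lot of material did I gradually work out what else had to be changed to run multiple services. I have learned a lot about operations on this forum; writing this log keeps me from forgetting, and lets beginners like me quickly get the result I was after.
Goal: reach port 80 and FTP (port 21) on the real server 192.168.1.204 through the VIP 192.168.1.212.
(1) First, enable iptables
# service iptables start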
# chkconfig iptables on
# iptables -t mangle -A PREROUTING -p tcp -d 192.168.1.212/32 --dport 21 -j MARK --set-mark 21
# iptables -t mangle -A PREROUTING -p tcp -d 192.168.1.212/32 --dport 10000:20000 -j MARK --set-mark 21
# service iptables save
If iptables -L -t mangle shows the following, the rules are in place:
[root@localhost ~]# iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination        
MARK       all  --  anywhere             anywhere            MARK set 0x9
MARK       tcp  --  anywhere             192.168.1.212       tcp dpt:ftp MARK set 0x15
MARK       tcp  --  anywhere             192.168.1.212       tcp dpts:ndmp:dnp MARK set 0x15
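(2) Then add the real server in ipvsadm
# ipvsadm -a -t 192.168.1.212:21 -r 192.168.1.204:21 -g (adds a Real Server (192.168.1.204) record to the kernel's virtual server 192.168.1.212,
# ipvsadm --save > /etc/sysconfig/ipvsadm
With that done, the following results can be seen in a browser:
Through  you reach the web server on 192.168.1.204;
Through  you reach the FTP server on 192.168.1.204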
[Screenshot] VIP 192.168.1.212, real server 192.168.1.204
[Screenshot] VIP 192.168.1.212, real server
Finally, here is my iptables table:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 88 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -j MARK --set-mark 0x9
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -m mark --mark 0x9 -j MASQUERADE
COMMIT
View the LVS forwarding table:
[root@localhost ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.212:http wrr persistent 30
  -> 192.168.1.204:http           Route   1      0          6        
TCP  192.168.1.212:ftp wlc persistent 600
  -> 192.168.1.204:ftp            Route   1      0          3
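
The mangle listing in step (1) prints the mark in hex and the port range by service name (0x15 is 21, ndmp:dnp is 10000:20000), which makes it easy to miss a mismatch between the FTP control rule and the passive-range rule. The following script is an added example, not part of the original post: it reads iptables-save output and reports the decimal mark per destination port for a VIP. The function names vip_marks and ftp_marks_consistent and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report the decimal firewall mark
# each mangle PREROUTING rule sets for a VIP, and check the FTP rules agree.

# Constructed sample in iptables-save format, mirroring the two rules in step (1).
SAMPLE_MANGLE='*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -j MARK --set-mark 0x9
-A PREROUTING -d 192.168.1.212/32 -p tcp -m tcp --dport 21 -j MARK --set-mark 0x15
-A PREROUTING -d 192.168.1.212/32 -p tcp -m tcp --dport 10000:20000 -j MARK --set-mark 0x15
COMMIT'

# vip_marks VIP: read iptables-save text on stdin and print "<dport> <mark>"
# (mark in decimal) for every PREROUTING MARK rule whose destination is VIP.
vip_marks() {
    vip=$1
    while read -r line; do
        case $line in
            "-A PREROUTING "*" -j MARK "*) ;;
            *) continue ;;
        esac
        dst='' dport='' mark=''
        set -- $line
        while [ $# -gt 1 ]; do
            case $1 in
                -d) dst=${2%/32} ;;
                --dport) dport=$2 ;;
                # newer iptables-save prints --set-xmark 0x15/0xffffffff
                --set-mark|--set-xmark) mark=${2%%/*} ;;
            esac
            shift
        done
        [ "$dst" = "$vip" ] && [ -n "$mark" ] || continue
        printf '%s %d\n' "${dport:-any}" "$(($mark))"
    done
    return 0
}

# ftp_marks_consistent VIP: succeed only if a port-21 rule exists and every
# port-range rule for VIP carries the same mark (rules read from stdin).
ftp_marks_consistent() {
    marks=$(vip_marks "$1")
    ctrl=$(printf '%s\n' "$marks" | awk '$1 == "21" {print $2; exit}')
    [ -n "$ctrl" ] || return 1
    printf '%s\n' "$marks" |
        awk -v m="$ctrl" '$1 ~ /:/ {n++; if ($2 != m) bad = 1} END {exit (bad || !n)}'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_MANGLE" | vip_marks 192.168.1.212
```

On a live director, pipe in `iptables-save -t mangle` instead of the sample; running it against /etc/sysconfig/iptables confirms the marks were actually persisted by service iptables save.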