Linux Virtual Server is a highly salable and highly available server built on a cluster of real servers with the load balance running on the Linux Operating System.
First of all we will install the Linux Virtual Server package on Our CentOS 8 / RHEL 8 machine. After Installing LVS on our Operating System we will configure it as a load balancer to the back end servers. This setup assumes you have installed a CentOS / RHEL 8 server or workstation edition.

Step 1: Installing Linux Virtual Server on CentOS 8 / RHEL 8

Run the following command on your server to Install Linux Virtual Server and Choose yes to proceed further.

[sabi@localhost ~]$ sudo yum install ipvsadm
 [sudo] password for sabi: 
 Last metadata expiration check: 3:38:25 ago on Sun 22 Dec 2019 12:37:06 AM EST.
 Dependencies resolved.
  Package          Arch            Version              Repository          Size
 Installing:
  ipvsadm          x86_64          1.29-8.el8           AppStream           57 k
 Transaction Summary
 Install  1 Package
 Total download size: 57 k
 Installed size: 83 k
 Is this ok [y/N]: y

Step 2: Enabling IP forwarding and enable service

When you have finished installing package, enable the service and IP forwarding in your machine.

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf 
sudo sysctl -p 

Confirm it is turned to 1

[sabi@localhost ~]$ echo 'net.ipv4.ip forward = 1' | sudo tee -a /etc/sysctl.conf
[sudo] password for sabi: 
net.ipv4.ip forward = 1

Start and enable ipvsadm services by running

sudo touch /etc/sysconfig/ipvsadm
sudo systemctl enable –now ipvsadm

Check out the service status, it will be look like as:

[sabi@localhost ~]$ systemctl status ipvsadm
 ● ipvsadm.service - Initialise the Linux Virtual Server
    Loaded: loaded (/usr/lib/systemd/system/ipvsadm.service; enabled; vendor preset: di>
    Active: active (exited) since Sun 2019-12-22 04:25:30 EST; 20s ago
   Process: 5880 ExecStart=/bin/bash -c exec /sbin/ipvsadm-restore < /etc/sysconfig/ipv>
  Main PID: 5880 (code=exited, status=0/SUCCESS)
 Dec 22 04:25:29 localhost.localdomain systemd[1]: Starting Initialise the Linux Virtua>
 Dec 22 04:25:30 localhost.localdomain systemd[1]: Started Initialise the Linux Virtual>
 lines 1-8/8 (END)

Step 3: Configure LVS as Load Balancer

After setting up all, move forward to configure LVS as a load balancer to actual back-end applications.

Clean the IP tables rules by running

sudo ipvsadm -C

Step 4: Adding a Virtual Service

Add a virtual service by using the syntax

ipvsadm -A -t (ServiceIP:Port) -s (Distribution method)

Following Distribution methods supported:

• rr (Round Robin) = Equal load distribution among back-end servers
• wrr (Weighted Round Robin) = The Round Robin based on real Servers weight
• lc (Least Connection) = Servers having few active processes are selected for new load assignment on priority basis.
• wlc ( Weighted Least Connection) = Assigns tasks to servers with fewer jobs and relative to the real server’s weight (Ci/Wi) . By default, this method is used.

We will do configuration based on below diagram.

In this case, I’m setting LVS server to listen on 192.168.233.129 with port 80.

sudo ipvsadm -A -t 192.168.233.129:80 -s wlc

Now, add the back-end servers by typing

sudo ipvsadm -a -t (ServiceIP:Port) -r (BackendServerIP:Port) -m

The configuration will look like

sudo ipvsadm -a -t 192.168.233.129:80 -r 192.168.233.209:80 -m 
sudo ipvsadm -a -t 192.168.233.129:80 -r 192.168.233.4:80 -m 

Type the following command to list current rules:

[sabi@localhost ~]$ sudo ipvsadm -l 
 IP Virtual Server version 1.2.1 (size=4096)
 Prot LocalAddress:Port Scheduler Flags
   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
 TCP  cent01:http wlc
   -> cent03:http                  Masq    1      0          0         
   -> cent02:http                  Masq    1      0          0      

Allow Firewall

sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reload

Now, when you load the LVS server IP / domain name from the browser, you will see the page on one of the back-end server.

Hi this is the LVS server page on back-end server 1

Upon reloading, the back-end server 2 page should show

Hi this is the LVS server page on back-end server 2

This is how you can set up your LVS server on CentOS 8 / RHEL 8.

The post How To Setup LVS (Linux Virtual Server) Load Balancer on CentOS 8 / RHEL 8 appeared first on Linux Windows and android Tutorials.

Structure of “iptables”

Let’s have a better look at the structure of “iptables”. It’s a Table that has Chains where the Chains contain Rules. The structure, in short, TablesàChainsàRules

There’re several types of tables in it, each of them containing different types of chains. Here’s a short list of all of them.

• Filter table
  • INPUT chain
  • FORWARD chain
  • OUTPUT chain
• NAT table
  • PREROUTING chain
  • POSTROUTING chain
  • OUTPUT chain
• Manage table
  • PREROUTING chain
  • OUTPUT chain
  • FORWARD chain
  • INPUT chain
  • POSTROUTING chain

Command lines

For using “iptables”, you need to learn a few of the basic command lines. In “iptables”, the Filter table is the default table. You can see all the rules on the table by executing the following command:

iptables -t filter --list
or
iptables -t filter -L
or
iptables --list
or
iptables -L

From my device, here’s a sample output. Note that yours might be different (don’t panic).

root@test [~]# iptables -t filter --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
acctboth   all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

If you’re willing to see other tables, follow this command:

iptables -t nat --list
or
iptables -t nat -L

The output will be similar to this sample.

root@test [~]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Take a note that after “-t” followed by a space, you’ll have to declare the table name.

iptables -t nat --list # The "nat" represents the NAT table. Change it to your need

If you’ve done anything wrong, don’t worry. The following command will delete all “iptables” rules at once.

# iptables –flush

To delete rules of a specific table, follow this command:

# iptables –flush OUTPUT

Managing “iptables” rules

Creating rules, modifying them and removing them one by one is pretty crazy, to be honest. It’s more maddening when you try to perform them using command lines. For most of the users, it’ll be the same experience for sure. However, if you’re interested in creating or managing “iptables” using commands, here’s the complete guide. It’s pretty simple and easy to follow.

For the vast majority, I’d like to recommend using Shorewall. It’s a frontend tool with very simple & powerful UI for everyone. Alongside “iptables” management, this tool is a complete package of advanced functions and management options. Get Shorewall today. Before you jumpstart to Shorewall, I suggest reading this guide beforehand.

Got any questions about iptables? Feel free to ask it in the comment section below. Don’t forget to share with your friends. Share your experience and assert some dominance on your PC!

The post How to List and Delete iptables Firewall Rules appeared first on Linux Windows and android Tutorials.