|
Hi Lars, Horms,
On Tue, 11 Jan 2000, Lars Marowsky-Bree wrote:
> On 2000-01-11T08:18:05,
> Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx> said:
>
> > Someone can test it disabling source validation in the Director
> > (eth1):
> >
> > echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
>
> I can't check it right now, but I seem to recall this didn't fix it. rp_filter
> is disabled by default anyway.
There is one big difference which must be tested (the config with
two eths):
- The VIP is configured on eth0
- Director is talking to real servers through eth1
- Director is talking to the world through eth0
- eth1 is configured with rp_filter=0
So, my question is:
Horms,
are you using 2 eth cards ?
If Yes,
are you using rp_filter=1 (all/rp_filter=1, */rp_filter=1) ?
If Yes, is the Directors default gw reachable through eth0 ?
If Yes, Please try to set eth1/rp_filter=0
The difference is that we disable source checking for eth1 but the
outgoing packet is routed through eth0. This is not tested but the source
validation must fail in this case and the packet must be forwarded
successfully.
Of course, ip_forward must be 1.
For Director with 1 eth this is not working, i.e. rp_filter can't
help. But this is only assumption looking in the kernel sources and it
must be tested.
Regards,
Julian Anastasov
----------------------------------------------------------------------
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe, e-mail: lvs-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxx
For additional commands, e-mail: lvs-users-help@xxxxxxxxxxxxxxxxxxxxxx
|
