Re: Direct/Tunneling lvs and spoofing protection

To: Stephen Zander <gibreel@xxxxxxxxx>, lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: Direct/Tunneling lvs and spoofing protection
From: Lars Marowsky-Bree <lmb@xxxxxxx>
Date: Tue, 14 Mar 2000 15:47:26 +0100
On 2000-03-14T12:53:41,
   Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx> said:

>       The source address checking is very restrictive. We can't
> control via /proc/sys/net/ipv4/conf/*/rp_filter packets with
> saddr=local_ip daddr=non_local_ip, i.e. forwarded packets, even
> when we use two different network devices to distinguish the
> source of the packet: real server or external client.

I do consider this a bug BTW - for LVS/DR's VIP, this check should be
disabled.

Even when you use the LVS as a router, DR may be desirable as opposed to NAT.

And the bug is non-obvious to new users.

Unfortunately, my kernel hacking abilities don't go this far, I could only
remove the check completely, but I think it would be much cleaner to
specifically allow this for the VIPs only.

Sincerely,
    Lars Marowsky-Brée <lmb@xxxxxxx>
    Development HA

-- 
Perfection is our goal, excellence will be tolerated. -- J. Yahl
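An added shell example, not from this thread or from the LVS project: it audits the rp_filter setting that the thread is arguing about, per interface, under /proc/sys/net/ipv4/conf. The kernel enforces the maximum of conf/all/rp_filter and conf/<interface>/rp_filter when it validates a source address on <interface>, so an interface whose own file reads 0 is still strictly checked while conf/all is 1; that is the non-obvious part a new LVS/DR user trips over. The directory argument is an assumption added so the functions can be pointed at a constructed copy of the tree instead of the live one.

```shell
#!/bin/sh
# Added example (not from the lvs-users archive or the LVS code):
# report the rp_filter value actually enforced on each interface.
#
# Values: 0 = no source validation, 1 = strict reverse-path check,
#         2 = loose check (only on kernels that support it).
# The enforced value on an interface is max(conf/all, conf/<iface>).
#
# Usage: audit_rp_filter [CONF_DIR]   (default /proc/sys/net/ipv4/conf)
#        effective_rp_filter CONF_DIR IFACE

# Read one rp_filter file; treat a missing file as 0.
_read_rp_filter() {
    cat "$1/rp_filter" 2>/dev/null || echo 0
}

# Print the value the kernel enforces on IFACE: max(all, iface).
effective_rp_filter() {
    conf_dir="$1"
    iface="$2"
    all_val=$(_read_rp_filter "$conf_dir/all")
    own_val=$(_read_rp_filter "$conf_dir/$iface")
    if [ "$all_val" -gt "$own_val" ]; then
        echo "$all_val"
    else
        echo "$own_val"
    fi
}

# One line per real interface: iface, its own file, the enforced value,
# and a word describing the enforced mode. On an LVS/DR director the
# line to look at is the interface that carries the VIP.
audit_rp_filter() {
    conf_dir="${1:-/proc/sys/net/ipv4/conf}"
    for d in "$conf_dir"/*; do
        iface=$(basename "$d")
        # 'all' and 'default' are policy knobs, not interfaces.
        [ "$iface" = all ] && continue
        [ "$iface" = default ] && continue
        [ -f "$d/rp_filter" ] || continue
        own_val=$(_read_rp_filter "$d")
        eff=$(effective_rp_filter "$conf_dir" "$iface")
        case "$eff" in
            0) mode=off ;;
            1) mode=strict ;;
            2) mode=loose ;;
            *) mode=unknown ;;
        esac
        printf 'iface=%s own=%s enforced=%s mode=%s\n' \
            "$iface" "$own_val" "$eff" "$mode"
    done
}
```

Run it without arguments on the director itself; an interface reported as `own=0 enforced=1 mode=strict` is exactly the case where lowering the per-interface file alone changes nothing, because conf/all still wins.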


