On Fri, Sep 15, 2000 at 10:27:42AM +0900, ??? wrote:
> Could you explain a little more?
> I had tried that configuration and concluded that it's impossible.
> I hope that it was because I didn't know fwmark service well. :)

I was thinking about something along the lines of:

# Mark all outgoing packets with fwmark 1
# Assume that packets from our local network (192.168.0.0/23) are
# outgoing traffic for argument's sake
ipchains -A input -s 192.168.0.0/23 -m 1

# Now, set up a virtual service to act on the marked packets
ipvsadm -A -f 1
ipvsadm -a -f 1 -r 192.168.1.7
ipvsadm -a -f 1 -r 192.168.1.8
ipvsadm -a -f 1 -r 192.168.1.9

Where 192.168.1.7, 192.168.1.8 and 192.168.1.9 are your firewall boxen.

> ----- Original Message -----
> From: "Horms" <horms@xxxxxxxxxxxx>
> To: "John Chuang" <ychuang@xxxxxxxxxxxxxxxx>
> Cc: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
> Sent: Friday, September 15, 2000 8:01 AM
> Subject: Re: firewall farm
>
>
> > On Thu, Sep 14, 2000 at 04:02:44PM +0500, John Chuang wrote:
> > > Hello all,
> > >
> > > I wonder if anyone tried to set up a firewall farm with LVS?
> >
> > While I don't know of anyone who has tried this, certainly it should
> > work, especially if the firewall is just a packet filter. You
> > will probably want to use fwmark services to enable redirection
> > of a wide range of, or all ports.
--
Horms
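
The two steps in the message above (mark by source network, then balance on the mark), modelled in Python as an added example that is not part of the original post. The round-robin scheduler, the per-flow connection table and the sample packets are assumptions made for illustration; the message does not name a scheduler.

```python
# Added model of the two steps in the message: mark by source, then balance by mark.
# Assumptions: round-robin scheduling and a per-flow connection table.
import ipaddress
from itertools import cycle

LOCAL_NET = ipaddress.ip_network("192.168.0.0/23")  # source net in the ipchains rule
FIREWALLS = ["192.168.1.7", "192.168.1.8", "192.168.1.9"]  # real servers
FWMARK = 1


def mark_packet(src_ip):
    """ipchains step: return the fwmark for a packet, or None if unmarked."""
    return FWMARK if ipaddress.ip_address(src_ip) in LOCAL_NET else None


class FwmarkService:
    """ipvsadm step: a virtual service keyed by fwmark, not by address and port."""

    def __init__(self, mark, real_servers):
        self.mark = mark
        self._next = cycle(real_servers)  # assumed round-robin scheduler
        self.connections = {}  # flow tuple -> firewall chosen for it

    def dispatch(self, proto, src_ip, sport, dst_ip, dport):
        """Return the firewall that gets this packet, or None if not balanced."""
        if mark_packet(src_ip) != self.mark:
            return None  # unmarked packets never reach the virtual service
        flow = (proto, src_ip, sport, dst_ip, dport)
        if flow not in self.connections:  # first packet of a flow: schedule it
            self.connections[flow] = next(self._next)
        return self.connections[flow]  # later packets follow the first


def demo():
    """Run constructed sample packets through the model."""
    svc = FwmarkService(FWMARK, FIREWALLS)
    packets = [  # (proto, src, sport, dst, dport), all constructed
        ("tcp", "192.168.0.10", 40001, "203.0.113.5", 80),
        ("udp", "192.168.0.11", 40002, "203.0.113.6", 53),
        ("tcp", "192.168.1.20", 40003, "203.0.113.7", 22),
        ("tcp", "192.168.0.10", 40001, "203.0.113.5", 80),  # repeat of flow 1
        ("tcp", "198.51.100.9", 40004, "203.0.113.5", 80),  # outside the /23
    ]
    return [svc.dispatch(*p) for p in packets]


if __name__ == "__main__":
    print(demo())
```

Because the service is selected by mark alone, the TCP port 80, UDP port 53 and TCP port 22 packets are all balanced by the same three-line service definition.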