
testing iptables filter rules

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: testing iptables filter rules
Cc: ja@xxxxxx, ratz@xxxxxx
From: Joseph Mack <mack.joseph@xxxxxxx>
Date: Mon, 21 May 2001 07:12:42 -0400
I'm adding filter rules to the configure script. The rules
are layered this way

top layer: if packet for VIP -j lvs_rules
lvs_rules: if packet for lvs service_1 (eg telnet) -j ACCEPT
           if packet for lvs service_2 (eg http) -j ACCEPT

I've done it in two layers so that I can add to lvs_rules as
each service is configured.

If I now telnet to the VIP in a working LVS, I would expect packets
to go through the telnet rule in lvs_rules, but if I list the 
number of packets with

$iptables -L -v

I see packets only in the INPUT and OUTPUT chains, but not in FORWARD or
in lvs_rules chains. Have I done something wrong?

I remember reading that you can test your filter rules by running a command
with the parameters of some hypothetical packet and the output will show
the path through the rules. I can't find it in the iptables HOWTO's or with
google. Anyone know how to do this?

Julian, Ratz,
        Are you guys planning on adding stats by service to the code sometime?


Thanks Joe 

-- 
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center, 
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
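
The counter check described in the message above can be scripted against `iptables-save -c` output; this is an added example, not part of the original post. The embedded ruleset is constructed to mirror the reported symptom: the placement of the jump in FORWARD, the VIP 192.0.2.110 and all counter values are assumptions.

```shell
#!/bin/sh
# Added example: read per-chain packet counters from `iptables-save -c` output
# to see which chains and rules a connection actually hit.

# Constructed sample (not captured from a real director). Chain lines carry the
# policy counters, rule lines carry per-rule counters, both as [packets:bytes].
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [31:1860]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [24:1536]
:lvs_rules - [0:0]
[0:0] -A FORWARD -d 192.0.2.110/32 -j lvs_rules
[0:0] -A lvs_rules -p tcp -m tcp --dport 23 -j ACCEPT
[0:0] -A lvs_rules -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Sum the packet counters of every rule appended to chain $1 (ruleset on stdin).
chain_rule_packets() {
    awk -v chain="$1" '
        /^\[[0-9]+:[0-9]+\] -A / && $3 == chain {
            split(substr($1, 2), c, ":"); total += c[1]
        }
        END { print total + 0 }'
}

# Packets that fell through to the policy of built-in chain $1.
chain_policy_packets() {
    awk -v chain=":$1" '
        $1 == chain { split(substr($3, 2), c, ":"); print c[1] + 0; found = 1 }
        END { if (!found) print 0 }'
}

# Print every rule whose packet counter is still zero (counter prefix removed).
zero_hit_rules() {
    awk '/^\[0:[0-9]+\] -A / { print substr($0, index($0, " ") + 1) }'
}

for ch in INPUT FORWARD OUTPUT lvs_rules; do
    printf '%-10s policy=%s rules=%s\n' "$ch" \
        "$(sample_ruleset | chain_policy_packets "$ch")" \
        "$(sample_ruleset | chain_rule_packets "$ch")"
done
echo "rules never matched:"; sample_ruleset | zero_hit_rules
```

On a live machine, pipe `iptables-save -c` (run as root) into the same functions in place of `sample_ruleset`.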

