
Re: ipvsadm interaction with iptables

To: "James O'Kane" <jo2y@xxxxxxxxxxxxxxxxx>
Subject: Re: ipvsadm interaction with iptables
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Julian Anastasov <ja@xxxxxx>
Date: Tue, 17 Jul 2001 10:50:56 +0300 (EEST)
        Hello,

On Mon, 16 Jul 2001, James O'Kane wrote:

> Hi,
>       I'm just getting started with both lvs and iptables, and I haven't
> found anywhere that says how the two interact? I had a problem last night
> that I tracked down to a rule in my FORWARD chain that was a little too
> strict. I'm hoping to understand where in this model does lvs fit in?

        What is this rule?

        LVS does not use the Netfilter connection tracking and NAT code.
You are free to use FILTER rules but the more restrictive per-protocol
rules can stop the LVS traffic. LVS has its own connection tracking.

        The key features are:

- listen in LOCAL_IN (not in PRE_ROUTING) and DNAT there

- create connections only in LOCAL_IN

- walk FORWARD only for in->out NAT traffic and SNAT there

- hook LOCAL_IN and FORWARD after the FILTER

- hook POST_ROUTING: the LVS traffic must leave the chain processing,
i.e. we don't want Netfilter NAT to work with our packets

> http://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/packet-filtering-HOWTO.linuxdoc-6.html

http://marc.theaimsgroup.com/?l=linux-virtual-server&m=98296653726641&w=2

        Joe is preparing a fresh version of this document for the next HOWTO.
There is a little difference related to:

- related ICMP for transparent proxy setups

- switch from nfmark to nfcache usage

> BTW, I'm doing LVS-NAT.
>
> thanks
> -james


Regards

--
Julian Anastasov <ja@xxxxxx>
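
The hook placement listed in the message, as an added example that is not part of the original post or of the LVS code: a simplified Python model of an LVS-NAT director with a default-DROP filter, showing that INPUT sees the request's original VIP destination and FORWARD sees the reply's real-server source, because LVS translates after the FILTER. The addresses, the `Director` class and both rule sets are constructed for illustration; the strict rule is not the rule from the thread.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")
Rule = namedtuple("Rule", "chain src sport dst dport")  # ACCEPT rule; None = any

# Constructed addresses (documentation ranges); simplified model, not LVS code.
VIP, VPORT = "192.0.2.10", 80        # virtual service on the director
RIP, RPORT = "10.0.0.2", 8080        # real server behind the director
CLIENT = ("198.51.100.7", 40000)

def accepted(rules, chain, pkt):
    """Default-DROP filter chain: pass only if some ACCEPT rule matches."""
    return any(r.chain == chain and
               all(want is None or want == got for want, got in zip(r[1:], pkt))
               for r in rules)

class Director:
    def __init__(self, rules):
        self.rules = rules
        self.conns = {}              # LVS's own connection table

    def handle(self, pkt):
        """Return the packet as it leaves the director, or None if filtered."""
        if pkt.dst == VIP:           # locally addressed: LOCAL_IN path
            if not accepted(self.rules, "INPUT", pkt):
                return None          # filter saw the original VIP destination
            if pkt.dport != VPORT:
                return pkt           # ordinary local delivery, not LVS
            self.conns[(pkt.src, pkt.sport)] = (RIP, RPORT)
            return pkt._replace(dst=RIP, dport=RPORT)   # LVS DNAT, after filter
        if not accepted(self.rules, "FORWARD", pkt):
            return None              # filter saw the real server as source
        if self.conns.get((pkt.dst, pkt.dport)) == (pkt.src, pkt.sport):
            return pkt._replace(src=VIP, sport=VPORT)   # LVS SNAT, after filter
        return pkt                   # plain forwarded traffic

def round_trip(rules):
    """Send one request to the VIP, then the real server's reply back."""
    d = Director(rules)
    req = d.handle(Pkt(*CLIENT, VIP, VPORT))
    reply = req and d.handle(Pkt(req.dst, req.dport, req.src, req.sport))
    return req, reply

IN_OK = Rule("INPUT", None, None, VIP, VPORT)
STRICT = [IN_OK, Rule("FORWARD", VIP, VPORT, None, None)]  # post-SNAT source
FIXED = [IN_OK, Rule("FORWARD", RIP, RPORT, None, None)]   # pre-SNAT source

if __name__ == "__main__":
    print("strict:", round_trip(STRICT)[1], "| fixed:", round_trip(FIXED)[1])
```

With `STRICT` the request reaches the real server but the reply is dropped in FORWARD; with `FIXED` the reply leaves the director rewritten to the VIP.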


