|
Third time lucky ;-|
Sorry I was away from email for a while...
ipvs CAN use port 0 to represent all ports,
(well 0.8.2 can anyway).
Mr. Mack's configure-lvs doesn't seem to like it
as you've pointed out.
Try doing it manually first, using ipvsadm,
and if that works like you expect, then you may
want to talk to Mr. mack.joseph@xxxxxxx to get
configure-lvs support for this.
If you want to "forward all ports, exclude port X, Y, Z ???",
it's a little ambiguous what you mean. Probably what you
want is for e.g. to load balance a web server normally,
and then all other ports also. ipvs handles specific ports
first, and then the "all ports" case. I.E. the following
will work like you want.
VIP:80 -> RIP:80, RIP:80
VIP:0 -> RIP:0, RIP:0
If you want to stop access to specific ports, then
I would say firewall rules is the answer.
Note FWmarks give different/better control, and can
be used to group ports for persistency etc.
good luck,
Padraig.
Alex Senin wrote:
Padraig Brady wrote:
> Alex Senin wrote:
>
>> Is it possible to forward all traffic ( all ports ) througth VIP to
>> realservers ?
>
>
> Just use port 0. I.E. set up a VIP:0 -> RIP1:0, RIP2:0, ...
> Note the will do persistency across multiple ports also.
> for e.g. connections from a client to both port 80 & 443
> will get sent to the same real server.
>
> Padraig.
My config file :
LVSCONF_FORMAT=1.1
LVS_TYPE=VS_TUN
INITIAL_STATE=on
CLEAR_IPVS_TABLES=Y
VIP=eth0:0 real 255.255.255.255 real
DIP=eth0 director 192.168.1.111 255.255.255.0 192.168.1.255
SERVICE=t 0 rr client
SERVER_VIP_DEVICE=tunl0:0
SERVER_NET_DEVICE=eth0
SERVER_GW
SERVER_GW=client
and this is an error after I tryed to run configure script:
sh-2.04# configure_lvs lvs.tun
Error: cannot use port 0 in service line.
print_service_lines: port 0 not allowed in SERVICE line.
sh-2.04#
Packages:
ipvs-1.0.0
configure_lvs - 0.9.2
HOW FORWARD ALL PORTS ???
P.S:
and the REAL question is:
How to forward all ports, exclude port X, Y, Z ???
|
