
Re: LinuxVirtualServer as firewall

To: Josep Llaurado Selvas <darlock@xxxxxxxxx>
Subject: Re: LinuxVirtualServer as firewall
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Julian Anastasov <ja@xxxxxx>
Date: Wed, 27 Mar 2002 14:28:33 +0200 (EET)
        Hello,

On 27 Mar 2002, Josep Llaurado Selvas wrote:

> Hello,
>
> Adding the route to local I lose the connection to the firewall.
>
> I have seen when I connect to LVS www port (both firewalls have squid
> transparent-proxy installed and caching the www connections), the LVS
> runs well, getting a round-robin connection between the two firewalls.
> It seems the 'route suggestion' of Julian is ok, but the solution
> locks the firewall.
>
> Can anybody help me with setting the 'ip route' commands to allow the
> outbound connections through the LVS-Firewall to run ok?
> Or can anybody point me to any doc about setting the advanced Linux
> routing capabilities? I'm not an expert and I need some help...
>
> TIA.
>
> On Mon, 2002-03-25 at 22:55, Julian Anastasov wrote:
> >
> >     Hello,
> >
> > On 25 Mar 2002, Josep Llaurado Selvas wrote:
> >
> > > #
> > > # Enabling eth0:30
> > > #
> > > /sbin/ifconfig eth0:30 192.168.1.30 broadcast lvs netmask 255.255.255.255
> > > /sbin/route add -host 192.168.1.30 dev eth0:30
> >
> >     Do you have:
> >

        Something like this (not tested):

# Don't balance the local talks
ipchains -A input -p TCP -s 192.168.1.0/24 -d 192.168.1.0/24 -i INDEV -j ACCEPT
# Mark HTTP traffic
ipchains -A input -p TCP -s 192.168.1.0/24 -d 0.0.0.0/0 80 -m 1 -j ACCEPT

# Check first for routes to directly attached networks
ip rule add prio 50 table main

# HTTP to universe is locally delivered
ip rule add prio 100 fwmark 1 table 100
ip route add local 0/0 dev lo table 100

# Everything else to universe (in fact, all routes to universe via gateway)
ip rule add prio 200 table 200
ip route add default via GW dev DEV table 200

Regards

--
Julian Anastasov <ja@xxxxxx>
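An added illustration (not part of the original thread, and not Julian's or LVS's own code): a small Python model of the rule/table lookup the commands above set up, to show why the "main" table at prio 50 must come before the fwmark rule, so a marked packet to a directly attached host is still routed to the LAN instead of being swallowed by the local 0/0 route in table 100. GW and DEV are the post's placeholders; the values given to them here are assumed.

```python
import ipaddress

# Placeholders from the post (GW, DEV): assumed values for this model only.
GW, DEV = "192.168.1.1", "eth0"
LAN = ipaddress.ip_network("192.168.1.0/24")

# Routing tables as in the post: (prefix, action), longest prefix wins within a table.
TABLES = {
    "main": [(LAN, ("connected", DEV))],                          # attached network
    100:    [(ipaddress.ip_network("0.0.0.0/0"), ("local", "lo"))],  # HTTP delivered locally
    200:    [(ipaddress.ip_network("0.0.0.0/0"), ("via", GW, DEV))], # everything else via GW
}

# Policy rules as in the post: (priority, fwmark selector or None, table).
RULES = [(50, None, "main"), (100, 1, 100), (200, None, 200)]

def mark_http(src, dst, dport):
    """Model of the two ipchains lines: LAN-to-LAN is accepted unmarked,
    LAN-to-anywhere port 80 gets fwmark 1, everything else stays 0."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in LAN and dst in LAN:
        return 0
    if src in LAN and dport == 80:
        return 1
    return 0

def lookup(dst, fwmark=0, rules=RULES, tables=TABLES):
    """Walk the rules in priority order; the first table that yields a route
    decides. Returns the route action, or None if nothing matched."""
    addr = ipaddress.ip_address(dst)
    for _prio, mark, table in sorted(rules, key=lambda r: r[0]):
        if mark is not None and mark != fwmark:
            continue
        best = None
        for prefix, action in tables[table]:
            if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, action)
        if best is not None:
            return best[1]
    return None

def forward(src, dst, dport):
    """Combined decision for one packet: mark first, then route."""
    return lookup(dst, mark_http(src, dst, dport))

if __name__ == "__main__":
    # Even a marked packet to a LAN host hits "main" (prio 50) before table 100.
    print(lookup("192.168.1.30", fwmark=1))             # ('connected', 'eth0')
    print(forward("192.168.1.5", "198.51.100.10", 80))  # ('local', 'lo')
    print(forward("192.168.1.5", "198.51.100.10", 443)) # ('via', '192.168.1.1', 'eth0')
```

Dropping the prio 50 rule (pass `rules=[(100, 1, 100), (200, None, 200)]`) makes every marked packet, LAN destinations included, land on the local route, which is the lock-out symptom described in the thread.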


