|
On Wed, 17 Apr 2002, Peter Mueller wrote:
> > > > Can I solve this problem with packet marking? I have a setup
> > > > in production (keepalived, mon, transparent redirects on
> > > > application servers) and I would rather not modify if possible.
>
> it turns out packet marking _IS_ the solution. this is an awesome tool!
>
> Julian supplied the recipe. I owe him many many beers. If anyone is
> curious, here it is..
>
> <recipe>
> ipchains -A input -p TCP -s $client -d VIP 80 -m 1 -j ACCEPT
> ipvsadm -A -f 1 -s wlc
> ipvsadm -a -f 1 -r $real_server
> # rest of ipvsadm stuff goes next...
> </recipe>
hmm,
I got a bit confused with the port 81 bit, but apparently
Julian didn't. I also didn't quite get the problem, which I now see
to be
In a functioning LVS, you want requests from only a certain IP/netmask to
to be forwarded to one set of realservers (which may be a subset of the
total realservers, or may be other dedicated realservers), while the
rest of the requests are forwarded normally to the whole LVS.
Or another way of putting it... You want 2 LVSs setup on the one director,
with one of the LVS's accepting only packets from an IP/netmask, while
the rest of the requests go to the other LVS?
true?
Joe
--
Joseph Mack, mack@xxxxxxxxxxxx
Linux Virtual Server project
http://www.linuxvirtualserver.org
|
