
RE: FW: LVS-Tun and Fwmarks

To: Jeff <golfer2@xxxxxxxxxxxxxx>
Subject: RE: FW: LVS-Tun and Fwmarks
Cc: Joseph Mack <mack.joseph@xxxxxxx>, <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>, Horms <horms@xxxxxxxxxxxx>
From: Julian Anastasov <ja@xxxxxx>
Date: Mon, 8 Jul 2002 21:59:05 +0000 (GMT)
        Hello,

On Mon, 8 Jul 2002, Jeff wrote:

> Thanks to Julian and Joe, I've got the LVS-Tun working using the Director as
> the default gateway of the real servers.

        I could not recommend this setting for your setup.
Now you allow spoofing (src=VIP) from the external side. Note
that the recommendation is to open the check only for the real
servers; even "internal" clients can cause problems for the
director if they can get the director to accept a packet with
src IP=VIP. Of course, if you care, you can solve this problem
with firewall rules.

> ip rule add prio 100 fwmark 1 table 100
> ip route add local 0/0 dev lo table 100

> Jeff

Regards

--
Julian Anastasov <ja@xxxxxx>
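
One way to write the firewall rules mentioned in the message above, as an added example that is not part of the original thread. It assumes iptables on the director, separate external and real-server interfaces, and that real servers are told apart by MAC address; the function names, the VIP, the interface names and the MACs are all hypothetical sample values.

```shell
#!/bin/sh
# Added example: print iptables rules that drop src=VIP packets on the director
# unless they arrive on the real-server interface from a known real-server MAC.
# The VIP, interface names and MACs used at the bottom are constructed samples.
# Rules are only printed; review them, then pipe the output to "sh" as root.

is_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split into octets; these are the function's own args
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

is_mac() {
    case $1 in ''|*[!0-9A-Fa-f:]*) return 1 ;; esac
    echo "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

is_ifname() {
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# usage: vip_antispoof_rules VIP EXT_IF RS_IF RS_MAC [RS_MAC ...]
vip_antispoof_rules() {
    [ $# -ge 4 ] || { echo "need VIP EXT_IF RS_IF RS_MAC..." >&2; return 2; }
    vip=$1; ext_if=$2; rs_if=$3; shift 3
    is_ipv4 "$vip" || { echo "bad VIP: $vip" >&2; return 1; }
    is_ifname "$ext_if" && is_ifname "$rs_if" || { echo "bad interface" >&2; return 1; }
    for mac in "$@"; do
        is_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    pre="iptables -t mangle -A PREROUTING"
    # External side: no legitimate packet arrives there with the VIP as source.
    echo "$pre -i $ext_if -s $vip -j DROP"
    # Real-server side: replies all carry src=VIP, so senders are told apart by
    # MAC. A MAC can be forged by a host on the same segment, so this narrows
    # the exposure to that segment rather than removing it.
    for mac in "$@"; do
        echo "$pre -i $rs_if -s $vip -m mac --mac-source $mac -j ACCEPT"
    done
    echo "$pre -i $rs_if -s $vip -j DROP"
}

vip_antispoof_rules 192.0.2.10 eth0 eth1 02:00:00:00:00:01 02:00:00:00:00:02
```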


