
RE: SSL and persistence

To: "'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: SSL and persistence
From: Peter Mueller <pmueller@xxxxxxxxxxxx>
Date: Tue, 7 Jan 2003 13:16:42 -0800
Hi Cass, 

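# rules for fwmarking with LVS
# (marks are set with the MARK target in the mangle table's PREROUTING chain)
$IPTABLES -t mangle -A PREROUTING -i $EXT_INT -p tcp -d $VIP1 --dport 80 -j MARK --set-mark 1
$IPTABLES -t mangle -A PREROUTING -i $EXT_INT -p tcp -d $VIP1 --dport 443 -j MARK --set-mark 2
# <edit with your persistence & real servers etc.>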
/sbin/ipvsadm -A -f 1 -s wlc
/sbin/ipvsadm -A -f 2 -s wlc
/sbin/ipvsadm -a -f 1 -r $REAL1
/sbin/ipvsadm -a -f 2 -r $REAL2

Peter

PS - cool name.  I bet you get all the girls.  If only my name was Gavin.
;-)

> -----Original Message-----
> From: Bishop, Cass [mailto:cbishop@xxxxxxxxxxxxxxxxx]
> Sent: Tuesday, January 07, 2003 1:04 PM
> To: 'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'
> Subject: RE: SSL and persistence
> 
> 
> Is this documented anywhere?  I don't understand your message.
> 
> -----Original Message-----
> From: Andres Tello Abrego [mailto:criptos@xxxxxxxxxx]
> Sent: Tuesday, January 07, 2003 1:39 PM
> To: 'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'
> Subject: RE: SSL and persistence
> 
> 
> 
> U can use, then, a fw mark...
> using the prerouting table, u mark all packets to port 80 and 443, then,
> lvs use persistence over "marked packets" :)
> 
> obtaining the effect u want... :)
> 
> 
> 
> On Tue, 7 Jan 2003, Bishop, Cass wrote:
> 
> > I am using LVS-NAT and my setup is identical to yours except that I need
> > persistence on port 80 as well.  Once someone has connected on port 80 I
> > need them to use the same real server for their port 443 connections as
> > well.  How do I ensure that?
> >
> > -----Original Message-----
> > From: Andres Tello Abrego [mailto:criptos@xxxxxxxxxx]
> > Sent: Tuesday, January 07, 2003 1:26 PM
> > To: 'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'
> > Subject: Re: SSL and persistence
> >
> >
> >
> > First, u must use, LVS-NAT, since ssl certificates are bound to a domain,
> > and, on my tests, sometimes the navigator says that the certificates do
> > not apply to the ip... or something like that...
> >
> > So, I used lvsnat, and persistence only for 443.. since I'm not interested
> > in having persistence at 80
> >
> > ipvsadm -C
> > # registering the web service
> > ipvsadm -A -t 10.4.1.9:80
> > ipvsadm -a -t 10.4.1.9:80 -r 80.80.0.10:80 -w 1 -m
> > ipvsadm -a -t 10.4.1.9:80 -r 80.80.0.11:80 -w 2 -m
> >
> > # registering the https service
> > ipvsadm -A -t 10.4.1.9:443 -p 600
> > ipvsadm -a -t 10.4.1.9:443 -r 80.80.0.10:443 -w 1 -m
> > ipvsadm -a -t 10.4.1.9:443 -r 80.80.0.11:443 -w 2 -m
> >
> >
> > I'm using weighted least connections, and I only have 2 members and 1
> > director...
> >
> >
> > On Tue, 7 Jan 2003, Bishop, Cass wrote:
> >
> > > I have a question that I found referenced in the archive.  I want to set up
> > > one director and two real servers.  The director will handle http and https
> > > traffic.  Once a client connects to one of the real servers I want them to
> > > stay there when they change from http to https.  How do I tie the
> > > persistence settings of http and https together?
> > >
> > > Here is what I found, it was dated 2002-04-30:
> > >
> > > <Old Message>
> > >
> > > "Richard L. Allbery" wrote:
> > > >
> > > >  The problem is how do I setup persistence for
> > > > just port 80 and 443?  In other words, I want to tie the persistence
> > > > together for these two ports.
> > >
> > > http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO-7.html
> > >
> > > Joe
> > >
> > > --
> > > Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
> > > contractor to the National Environmental Supercomputer Center,
> > > mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
> > >
> > > _______________________________________________
> > > LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > > or go to http://www.in-addr.de/mailman/listinfo/lvs-users
> > >
> > > </Old Message>
> > >
> > > The link to the how-to comes up as a 404.  Can anyone direct me to the new
> > > link?
> > >
> > > Cass Bishop
> > > Web/Voice Systems Engineer
> > > ATX Technologies
> > > 972-753-6289
> > >
> > > CONFIDENTIALITY NOTICE:  The information in this e-mail is privileged and
> > > confidential.  Any use, copying or dissemination of any portion of this
> > > e-mail by or to anyone other than the intended recipient(s) is unauthorized.
> > > If you have received this e-mail in error, please reply to sender and delete
> > > it from your system immediately.
> > >
> 
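
Added example, not part of any poster's message: a sketch of what the thread describes, with ports 80 and 443 sharing one firewall mark so that a single persistent virtual service covers both. The function name is hypothetical, the addresses are sample values reused from the thread, and it assumes LVS-NAT with the wlc scheduler.

```shell
#!/bin/sh
# Added example: print the commands that tie HTTP and HTTPS persistence
# together by giving both ports ONE firewall mark and ONE persistent service.
# Nothing is applied here; review the output, then pipe it to "sh" as root.

# lvs_shared_mark_rules VIP MARK TIMEOUT REAL...   (hypothetical helper)
lvs_shared_mark_rules() {
    if [ "$#" -lt 4 ]; then
        echo "usage: lvs_shared_mark_rules VIP MARK TIMEOUT REAL..." >&2
        return 1
    fi
    vip=$1 mark=$2 timeout=$3
    shift 3
    # The mark and the persistence timeout must both be positive integers.
    for n in "$mark" "$timeout"; do
        case "$n" in
            ''|*[!0-9]*|0)
                echo "mark and timeout must be positive integers" >&2
                return 1 ;;
        esac
    done
    # One mark for both ports, set in mangle/PREROUTING so IPVS sees it.
    echo "iptables -t mangle -A PREROUTING -p tcp -d $vip -m multiport --dports 80,443 -j MARK --set-mark $mark"
    # One persistent service keyed on the mark: a client pinned to a real
    # server over port 80 is sent to the same server over port 443.
    echo "ipvsadm -A -f $mark -s wlc -p $timeout"
    for real in "$@"; do
        # Port 0 keeps the client's destination port; -m selects LVS-NAT.
        echo "ipvsadm -a -f $mark -r $real:0 -m"
    done
}

# Constructed sample run using the VIP and real servers quoted in the thread.
lvs_shared_mark_rules 10.4.1.9 1 600 80.80.0.10 80.80.0.11
```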

