Re: problem moving LVS NAT cluster to iptables - solved?

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: problem moving LVS NAT cluster to iptables - solved?
From: Horms <horms@xxxxxxxxxxxx>
Date: Mon, 31 May 2004 12:57:58 +0900
On Fri, May 21, 2004 at 08:31:41AM +0200, Alois Treindl wrote:
> Horms wrote:
> 
> >To summarise. The path for incoming packets is:
> >
> >PREROUTING -> LOCAL_IN -> POSTROUTING
> >
> 
> Thank you.
> 
> I have understood quite a bit more, since I have read the relevant 
> chapters in the LVS howto. My original complaint about insufficient 
> information about interplay between ipvs and iptables was wrong; the 
> information is there, it needs only some serious learning about 
> iptables to understand it.
> 
> One point remains a bit mysterious:
> 
> the 'iptables' documentation I have found most useful is Oscar 
> Andreasson's Iptables Tutorial 1.1.19
> 
> It does not mention a chain called LOCAL_IN, whereas, like your message, 
> the LVS Howto and related docs refer to LOCAL_IN all the time.
> 
> Is LOCAL_IN the same as INPUT, or if not, what is it?

Hi Alois,

sorry for the confusion. I am going to write up a short document
explaining this a bit better. But it is slightly more work than I
originally expected, so it isn't quite ready yet.

In a nutshell LOCAL_IN=INPUT and LOCAL_OUT=OUTPUT.
I am not sure why the names are different. But suffice
to say one is used in the kernel and the other is used
by iptables. 

> About outgoing ssh from the realservers: I do use it, as my experience 
> is that I spend quite a bit of time logged in there, to do maintenance 
> work, web application trouble shooting etc. To be able to use rsync (via 
> ssh) and scp from inside the cluster, to get stuff in and out, I use 
> outgoing connections quite a bit. This includes wget (http) and outgoing 
> https (for redhat's up2date feature).

Ok understood. To be honest I forget the original question.
But if you are using LVS-NAT and you want to make such connections
then you need to add an iptables NAT rule. From memory you had
this in your previous email. 

With that in place LVS-NAT will handle incoming connections
(to the VIP) and iptables-NAT will handle outgoing connections.
They don't really know about each other, and they don't really need to.

-- 
Horms
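The split Horms describes above, incoming connections to the VIP handled by LVS-NAT via ipvsadm and connections originated by the realservers handled by an iptables SNAT rule in POSTROUTING, as an added example for a director running both. This is not Alois's configuration or code from the thread; the VIP, realserver addresses, interface names and port are assumptions chosen for illustration, and the actual NAT rule from Alois's earlier mail is not on this page, so the SNAT form used here is also an assumption. By default the script only prints the commands (DRY_RUN=1); run it as root with DRY_RUN=0 to apply them.

```shell
#!/bin/sh
# Added example, not from the original thread: an LVS-NAT director that
# uses ipvsadm for incoming VIP traffic and iptables NAT for outgoing
# connections the realservers open themselves (ssh, rsync, wget, up2date).
# All addresses, interfaces and ports below are assumed for illustration.
VIP=192.168.1.100            # assumed public VIP on eth0
RIP_NET=10.0.0.0/24          # assumed private realserver network on eth1
RS1=10.0.0.11                # assumed realserver 1
RS2=10.0.0.12                # assumed realserver 2
VPORT=80
: "${DRY_RUN:=1}"            # 1 = print commands only; 0 = execute (needs root)

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# NAT needs forwarding on the director.
forwarding_rules() {
    run sysctl -w net.ipv4.ip_forward=1
}

# Incoming: LVS-NAT. ipvs picks the packets up at LOCAL_IN, which is the
# kernel's name for the chain iptables calls INPUT, so if the filter
# INPUT chain has a DROP policy the VIP service must be accepted there.
input_filter_rules() {
    run iptables -A INPUT -d "$VIP" -p tcp --dport "$VPORT" -j ACCEPT
}

# -m selects masquerading, i.e. LVS-NAT, for each realserver.
lvs_nat_rules() {
    run ipvsadm -A -t "$VIP:$VPORT" -s rr
    run ipvsadm -a -t "$VIP:$VPORT" -r "$RS1:$VPORT" -m
    run ipvsadm -a -t "$VIP:$VPORT" -r "$RS2:$VPORT" -m
}

# Outgoing: iptables NAT in POSTROUTING for connections the realservers
# originate. LVS-NAT does not see these; without this rule the replies
# would be addressed to the private RIPs and never come back.
outbound_nat_rules() {
    run iptables -t nat -A POSTROUTING -s "$RIP_NET" -o eth0 \
        -j SNAT --to-source "$VIP"
}

apply_all() {
    forwarding_rules
    input_filter_rules
    lvs_nat_rules
    outbound_nat_rules
}

apply_all
```

If the director's public address is assigned dynamically, `-j MASQUERADE` can replace `-j SNAT --to-source "$VIP"`; the point is the same, that the outgoing rule lives in the iptables nat table and is independent of the ipvsadm service entries.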