Re: prevent rwhod broadcast on external interface

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: prevent rwhod broadcast on external interface
From: Horms <horms@xxxxxxxxxxxx>
Date: Mon, 5 Jul 2004 12:49:38 +0900
On Sun, Jul 04, 2004 at 12:10:44AM +0200, Alois Treindl wrote:
> I use LVS nat, and run rwhod on the director and all realservers.
> 
> rwhod works by sending udp broadcasts to port 513 on all interfaces.
> 
> I use redhat linux (RHEL 3.0)
> 
> I would like to restrict these udp broadcasts to the internal interface 
> only, but rwho on Linux has no controls for such a restriction.
> 
> The broadcast packages on the external interface create some icmp error 
> replies from other devices on the external interface, which then get 
> logged in the director's syslog, every 3 minutes.
> 
> kernel: 10.1.2.4 sent an invalid ICMP type 11, code 0 error to 
> broadcast: xxxx.255 on eth1
> 
> If I use iptables to prevent these broadcasts from going out on eth1, then 
> rwhod is unhappy and creates another syslog entry every 3 minutes:
> 
> rwhod[4124]: sendto(xxx.255): Operation not permitted

Strange. Perhaps using a DROP rather than a REJECT might help.

> I see two solutions, but don't know the howto for them:
> 
> a) use iptables to filter those unwanted ICMP replies
> I tried, but could not get the filter rules right.
> 
> b) use the network interface configuration to disable all broadcasts on 
> eth1. I don't know whether that is possible, whether it breaks some 
> important other functionality, and how it is done.
> 
> Please don't advise me to stop rwhod - I find it convenient to see the 
> status of the whole LVS cluster with 'ruptime'

You could fix rwhod so you can control where it sends its packets out.

-- 
Horms
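Option (a) from the question, filtering the unwanted ICMP replies on the external interface, as an added example that is not part of the thread. It assumes, as in the thread, that eth1 is the director's external interface and that the kernel log line to silence is the "invalid ICMP type 11 ... error to broadcast" message; the broadcast address 192.0.2.255 and the syslog extract are constructed for the example. The rule sits in the INPUT chain, so it drops the bogus errors before the kernel's ICMP handler logs them and leaves rwhod's own sendto() untouched.

```shell
#!/bin/sh
# Added example, not from the thread: iptables rules for option (a) above,
# i.e. filtering the inbound ICMP error replies rather than the outgoing
# rwhod broadcasts. Assumptions (constructed for this example): eth1 is the
# external interface as in the thread; 192.0.2.255 stands in for the real
# broadcast address.

# The kernel logs "sent an invalid ICMP type 11 ... error to broadcast" when
# an ICMP error arrives addressed to a broadcast address. An INPUT rule that
# drops such packets runs before the ICMP layer sees them, so nothing is
# logged, and rwhod's sendto() on the way out is not affected at all.
icmp_bogus_error_rule() {
    iface="$1"
    echo "iptables -A INPUT -i $iface -p icmp --icmp-type time-exceeded -m addrtype --dst-type BROADCAST -j DROP"
}

# Alternative that needs no firewall rule: tell the kernel to ignore ICMP
# errors sent to broadcast addresses instead of logging them.
icmp_bogus_error_sysctl() {
    echo "sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1"
}

# Verification: count the kernel log lines the thread complains about.
# Once the rule (or sysctl) is in place, a fresh syslog extract should count 0.
count_bogus_icmp_log() {
    printf '%s\n' "$1" | grep -c 'sent an invalid ICMP type 11' || true
}

# Constructed syslog extract modelled on the lines quoted in the thread.
SAMPLE_LOG='Jul  4 00:03:11 director kernel: 10.1.2.4 sent an invalid ICMP type 11, code 0 error to broadcast: 192.0.2.255 on eth1
Jul  4 00:03:11 director rwhod[4124]: sendto(192.0.2.255): Operation not permitted
Jul  4 00:06:11 director kernel: 10.1.2.4 sent an invalid ICMP type 11, code 0 error to broadcast: 192.0.2.255 on eth1'

# Print the commands instead of applying them; set APPLY=1 to run them as root.
APPLY="${APPLY:-0}"
for cmd in "$(icmp_bogus_error_rule eth1)" "$(icmp_bogus_error_sysctl)"; do
    if [ "$APPLY" = "1" ]; then
        $cmd
    else
        echo "$cmd"
    fi
done
echo "bogus ICMP log lines in the sample extract: $(count_bogus_icmp_log "$SAMPLE_LOG")"
```

The `-m addrtype --dst-type BROADCAST` match avoids hard-coding the broadcast address, and `--icmp-type time-exceeded` is iptables' name for type 11. Run the script once without `APPLY=1` to review the commands, then with it; re-run `count_bogus_icmp_log` over a later slice of /var/log/messages to confirm the entries have stopped.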