> > iptables -t nat -A PREROUTING -p tcp -d VIP -j REDIRECT
> >
> > working on several 2.4 kernel real servers, are you sure
> > it's not "2.2 only"
>
> yes. much work went into making sure it didn't work ;-/
On my real servers I have:
$IPTABLES -t nat -A PREROUTING -p tcp -d $VIP1 --dport 80 -j REDIRECT --to-port 80
If I remember correctly, "-j REDIRECT" is broken on stock kernels. Vendor
kernels have an iptables patch that restores functionality.
Actually, I have just dug into Google a bit on this issue. As it turns
out, iptables of 1.2.7a - or possibly earlier - appears to have restored
this functionality. Here is the thread:
http://lists.netfilter.org/pipermail/netfilter/2002-September/038303.html
So any recent stock kernel + recent iptables will work, or you can
use vendor kernels.
RE: director, why would you want transparent proxy to work there?
P