
Re: Bug or "feature"?

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Bug or "feature"?
From: Klavs Klavsen <kl@xxxxxxx>
Date: Thu, 16 Dec 2004 09:18:38 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Dean,

Thank you very much for that link - it looks very interesting.

I'm concerned though, that the versions (both LVS and Kernel) are quite
old - is the patch updated to work with the latest of both?

Also - This patch enables a feature, which can be enabled/disabled at
will - so why is it not in the main LVS source code?

The reason I'm asking this, is of course that I run LVS for
high-availability :)

on 16-12-2004 02:42 Dean Holland wrote:
| We are using the patch from the following URL:
|
| http://www.ssi.bg/~ja/nfct/
|
| which adds the netfilter conntrack entries for LVS-NAT or LVS-DR with
| the director as the gateway (which is the setup I run here).
|
|
| On Wed, 2004-12-15 at 19:52 +0000, Malcolm Turnbull wrote:
|
|>I think LVS uses the INPUT and OUTPUT chain rather than FORWARD
|>which is why it's not recommended to be used as a firewall as well.
|>
|>I could be wrong as usual.....
|>
|>Regards,
|>
|>Malcolm Turnbull.
|>
|>Loadbalancer.org Limited
|>+44 (0)7715 770523
|>http://www.loadbalancer.org/
|>
|>
|> " When a single point of failure is not an option"
|>
|>Why not try our online demonstration
|><http://www.loadbalancer.org/demo.html> ? Or get answers to common
|>questions <http://www.loadbalancer.org/fud.html> ?
|>
|>
|>
|>Klavs Klavsen wrote:
|>
|>
| Hi guys,
|
| I am running LVS with NAT setup (kernel 2.4.27) and have noticed a
| serious problem (with how it works with Netfilter) which I wanted to
| know if really is a bug - or "feature"?
|
| What I've noticed, is that when I get requests to my virtual addresses -
| it forwards these to the realservers - but apparently the request is
| NOT added to the Netfilter ESTABLISHED table - so the response from the
| realserver is not allowed out - unless I specifically allow everything out
| from the realservers service-ports (http and https in this case) :(
|
| Am I just mistaken, in thinking a connection established from the
| outside should be added to the LVS (with the "by LVS" rewritten
| address), so it will match an ESTABLISHED on the way out?
|
| Thank you in advance
|>
|>

| _______________________________________________
| LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
| Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
| or go to http://www.in-addr.de/mailman/listinfo/lvs-users

- --
Regards,
Klavs Klavsen, GSEC - kl@xxxxxxx - http://www.vsen.dk
PGP: 7E063C62/2873 188C 968E 600D D8F8  B8DA 3D3A 0B79 7E06 3C62

"Those who do not understand Unix are condemned to reinvent it, poorly."
~  --Henry Spencer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFBwUTePToLeX4GPGIRAhr/AKCyqIEMEUeojCetC+4GI2+iPw7L7gCff8h4
hSDhGImDZP0MglDxXIdNsv8=
=GZHi
-----END PGP SIGNATURE-----
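The two director-side firewall approaches the thread contrasts, written out as an added example that is not part of the original mail or of the LVS project's code: the workaround Klavs describes (letting everything out from the realservers' service ports because the LVS-NAT connection never appears in conntrack), and the state-based rule that becomes possible once conntrack entries exist for LVS connections, as with the nfct patch Dean points to. The addresses, interface-free rule placement in FORWARD, port list and the sample conntrack table are all constructed for the example; whether LVS connections actually show up in the table on a given kernel is exactly what the `tracked_vip_conns` check reports.

```sh
#!/bin/sh
# Added example for the LVS-NAT / netfilter discussion above. Not code from
# the thread or from LVS; all values below are constructed assumptions.

IPT="${IPT:-iptables}"           # set IPT=echo to print rules instead of applying
VIP="${VIP:-192.0.2.10}"         # constructed virtual address
RS_NET="${RS_NET:-10.0.0.0/24}"  # constructed realserver network behind the director
RS_PORTS="80 443"                # the service ports named in the thread (http, https)

# Workaround from the thread: with no conntrack entry for the LVS-NAT
# connection, realserver replies are only forwarded if their source ports are
# allowed out unconditionally. Every other packet from RS_NET is dropped.
# Weak point: any host in RS_NET can send anything out as long as it uses
# a service port as its source port, connection or not.
workaround_rules() {
    for p in $RS_PORTS; do
        "$IPT" -A FORWARD -s "$RS_NET" -p tcp --sport "$p" -j ACCEPT
    done
    "$IPT" -A FORWARD -s "$RS_NET" -j DROP
}

# State-based variant: only meaningful once the LVS-NAT connection is in the
# conntrack table (the nfct patch adds those entries). Replies then match
# ESTABLISHED and nothing else from RS_NET gets out.
conntrack_rules() {
    "$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A FORWARD -s "$RS_NET" -j DROP
}

# Check: how many conntrack entries have the VIP as their original
# destination? $1 is the table to read (default: the 2.4 kernel path).
# A zero here while clients are connected is the symptom Klavs reports.
tracked_vip_conns() {
    table="${1:-/proc/net/ip_conntrack}"
    if [ ! -r "$table" ]; then
        echo 0
        return 0
    fi
    # The trailing space keeps 192.0.2.10 from matching 192.0.2.100.
    grep -c "dst=$VIP " "$table" || true
}

# Only apply rules when explicitly asked, so the file is safe to source.
if [ "${LVS_FW_APPLY:-0}" = "1" ]; then
    conntrack_rules
    echo "tracked LVS connections to $VIP: $(tracked_vip_conns)"
fi
```

Run it with `IPT=echo LVS_FW_APPLY=1 sh lvs-fw.sh` to see the rules without touching the firewall; after loading rules for real, a non-zero count from `tracked_vip_conns` under client load tells you the director's conntrack actually sees the LVS-NAT connections, which is the precondition for the state-based rule set to work at all.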
