
Re: [lvs-users] fallthrough to director IP when no ipvs forwarding rule

To: LinuxVirtualServer.org users mailing list. <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] fallthrough to director IP when no ipvs forwarding rule exists?
From: Jay Faulkner <jay.faulkner@xxxxxxxxxxxxx>
Date: Tue, 11 May 2010 17:16:49 -0500
> -----Original Message-----
> From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:lvs-users-
> bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Fred Clift
> Sent: Tuesday, May 11, 2010 5:23 PM
> To: LinuxVirtualServer.org users mailing list.
> Subject: [lvs-users] fallthrough to director IP when no ipvs forwarding
> rule exists?
> 
> So I've noticed that if I connect to a tcp port on a VIP that has no
> ipvs rules defined for forwarding, I 'fall through' to any potential
> listening service on my director.
> 
> Is this expected behavior?  How can I get rid of it?
> 

Try:

iptables -A INPUT -d 1.1.1.1 -p tcp -m multiport --dports comma,delimited,list,of,loadbalanced,ports -j ACCEPT
iptables -A INPUT -d 1.1.1.1 -j REJECT

Simple firewalling solves your problems :)


--
Jason Faulkner
Linux Engineer, Rackspace Email & Apps
jason.faulkner@xxxxxxxxxxxxx
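
Added example, not part of the original email: a shell sketch that derives the ACCEPT/REJECT pair suggested above from the configured virtual services, so the firewall allowlist tracks the ipvs table. It goes beyond the email by covering several VIPs and UDP services and by splitting lists at multiport's 15-port limit. The function name gen_vip_rules and the sample input (constructed, in `ipvsadm -Sn` format) are assumptions; rules are printed, not applied.

```shell
#!/bin/sh
# Constructed sample of `ipvsadm -Sn` output (documentation addresses).
SAMPLE_IPVS='-A -t 192.0.2.10:80 -s wlc
-a -t 192.0.2.10:80 -r 10.0.0.11:80 -g -w 1
-A -t 192.0.2.10:443 -s wlc
-A -t 192.0.2.20:25 -s rr
-A -u 192.0.2.20:53 -s rr'

# gen_vip_rules (hypothetical helper): read `ipvsadm -Sn` lines on stdin and
# print, per VIP, ACCEPT rules for the balanced ports followed by one REJECT.
# Only IPv4 "addr:port" virtual services (-A -t / -A -u) are handled;
# real-server (-a) lines, fwmark services and IPv6 entries are skipped.
gen_vip_rules() {
    awk '
    $1 == "-A" && ($2 == "-t" || $2 == "-u") && split($3, a, ":") == 2 {
        vip = a[1]; proto = ($2 == "-t") ? "tcp" : "udp"
        if (!(vip in seen)) { seen[vip] = 1; order[++nvips] = vip }
        ports[vip, proto, ++count[vip, proto]] = a[2]
    }
    END {
        np = split("tcp udp", protos, " ")
        for (v = 1; v <= nvips; v++) {
            vip = order[v]
            for (p = 1; p <= np; p++) {
                proto = protos[p]; n = count[vip, proto] + 0
                # multiport takes at most 15 ports per rule, so emit chunks
                for (i = 1; i <= n; i += 15) {
                    list = ports[vip, proto, i]
                    for (j = i + 1; j < i + 15 && j <= n; j++)
                        list = list "," ports[vip, proto, j]
                    printf "iptables -A INPUT -d %s -p %s -m multiport --dports %s -j ACCEPT\n", vip, proto, list
                }
            }
            # everything else addressed to the VIP never reaches local services
            printf "iptables -A INPUT -d %s -j REJECT\n", vip
        }
    }'
}

# Show the rules for the constructed sample.
printf '%s\n' "$SAMPLE_IPVS" | gen_vip_rules
```

On a director the input would come from `ipvsadm -Sn | gen_vip_rules`, with the output reviewed before it is loaded.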
