Klavs Klavsen said the following on 08/13/2012 03:05 PM: I believe I just confused how iptables vs. ipchains worked - sorry for being daft :) -- Regards, Klavs Klavsen, GSEC - kl@xxxxxxx - http://www
Graeme Fowler said the following on 08/13/2012 02:11 PM: [CUT] Ok. thank you for clarifying. So the external Ip would be in the OUTPUT chain, and I could filter more specificly there (unless I get st
You're using LVS-NAT. The only place the VIP is present in the usual usage of this is in the external (client-facing) interface of the director. ipvs works in tandem with netfilter (is part of it now
Appearently they are going through FORWARD - with the source IP of the backend - instead of the sourceIP of the VIP - that the client actually accessed. Also - for some reason there's no state - so I
I'm not 100% sure, but it looks like this is your problem. Remove those rules and see what happens. * I say "not sure" because I'm not sure whether the incoming packets will traverse the FORWARD chai
I enabled logging in iptables for both INPUT and FORWARD, and got this in logs: IN=eth2 OUT=eth2 SRC=Y.Y.Y.105 DST=MyInternetClientIP LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=80 DPT=516
Y.Y.Y.105 is not the IP of the LVS server internal interface ofcourse - it's the ip of the backendserver. Klavs Klavsen said the following on 08/13/2012 01:20 PM: -- Regards, Klavs Klavsen, GSEC - kl
Hi, I've setup a server, with public IPs (currently only one though) on one interface, and an internal ip on another interface - where the backend webservers are hosted. My problem is that I see the