Not yet subscribed to the list so please cc me...
I'v previously set up lvs as a redirector/firewall to a farm of web
servers and NAT using the 0.8.3 patch against 2.2.12. Everything went
swimmingly; so far so good.
I moved on and am now seting up another lvs redirector/firewall
configuration using 0.9.7 (as pakaged in Debian) and 2.2.13 and I
cannot for the life of me get either IP tunneling or direct connection
to work.
I don't think it's an lvs issue per se, because I can sniff packets
coming into the rediretor, out the redirector, into the real box, and
out the real box. However, the packes are never being forwarded back
out the redirector to the real world.
My immediate thought is that spoofing protection is somehow getting in
the way as I have a host sourcing packets on the protected side with
an address that matches a redirector interface on the public
side.
Just to double check everything I've just brought the configuration in
line with the direct routing example (with different addresses of
course), and when I attempt to access the vhost/port from the
redirector itself I get a connection refused message;when I attempt to
connect from the outside my connection hangs.
Has anyone used direct routing or ip unneling with IP_FIREWALL=y
configured in their kernel?
--
Stephen
"Farcical aquatic ceremonies are no basis for a system of government!"
|