|
On Sun, 9 Apr 2000, Horms wrote:
> On Sun, Apr 09, 2000 at 11:19:09PM -0400, Donald Ball wrote:
> > http://linuxvirtualserver.org/arp.html
> >
> > I added these rules to the ipchains configuration on the real server:
> >
> > ipchains -A input -j REDIRECT -d 206.66.49.220 -p tcp
> > ipchains -A input -j REDIRECT -d 206.66.49.220 -p udp
> >
> > (206.66.49.220 is the virtual ip address, of course)
>
> I've seen that idea somewhere before :)
>
> You may want to look at using aliases on the loopack device
> instead if you are using a 2.2.14 kernel as according to
> Rusty and some anecdotal evidence there are performance issues
> with having trandparent proxying compiled into the kernel, let
> alone actually using the feature.
>
> You can have a single ip alias cover a network using something along
> the lines of
>
> ifconfig lo:0 192.168.0.1 netmask 255.255.255.0 mtu 150
Aha, I see you wrote the suggestion on the page I referenced. You might
want to document the potential performance problems you mention on that
page. Hell, you might want to link to that page from, well, somewhere....
the only reason I found it was by trolling through the mailing list
archives.
> > and everything started working fine. It's a tad onerous to create the
> > rulesets for all of the virtual ip addresses, but much simpler than
> > maintaining 'n' seperate copies of the apache configuration file, so I'm
> > happy.
>
> If you look at the fwmark functionality in 0.9.10, and your
> virtual ipaddresses are (somewhat) contiguous then you shoudn't
> have too many rules to write.
Hrm? fwmark? May I ask for a reference? Is this something that one can
control via piranha?
- donald
|
