|
Hello,
On Sun, 9 Apr 2000, Horms wrote:
> Is the dafault route for the back-end server (johnny) through
> the IPVS server (susan). While this is a requirement for
> NAT to function correctly, I believe that the version of IPVS
> that ships with RH6.2 does not support the router being the
> default gateway using direct routing. The problem is that the
> return packets from the back-end servers have a source address
> of one of the IPVS server's interfaces so it is deemed to be
> a spoof and is dropped.
>
> Julian Anastasov was working on a fix to this problem but
> I am not sure what the status on this is.
The status is beta (I hope it is working). I still didn't tested
it. This is a hack for experienced users only. You have to know how to
protect your firewall before compiling and using this patch. I don't think
it can go in the mainstream kernel soon. We have to change the default
rp_filter strategy for this. But we still can store it in the web site.
Someone happy with it in production? If Yes, we can move it from
the mail list to the web site :)
Regards
--
Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx>
|
