Clint Byrum wrote:
>
> I'm a little confused at this question. What is a demasquerade rule? Or did
> you mean a masq rule? Actually, I have a rule that says -s 192.168.0.0/16 -d
> 192.168.0.0/16 -j ACCEPT
>
> But if there's already a masq table entry for TCP 192.168.1.x:* ->
> 192.168.10.x:80 , then anything from TCP port 80 of 192.168.10.x to
> 192.168.1.x, should get "demasqueraded", correct?
It's not clear I agree.
For each ipvsadm rule, e.g.

    ipvsadm -a -t VIP:telnet -r realserver:telnet

you'll need a corresponding rule so that the packets
can get back from the realserver to the client:

    ipchains -A forward -p tcp -j MASQ -s realserver telnet -d 0.0.0.0/0

(you might have 192.168.0.0/16 instead of realserver)
The question I asked then is...
Are your internal clients in the zone specified by the -d parameter
in the ipchains line?
I don't know what your -s 192.168.0.0/16 -d 192.168.0.0/16
rule is doing. It looks like you're mapping yourself onto yourself.
Is this OK?
Do you really have a B class LVS? :-)
Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
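The pairing Joe describes (one ipchains MASQ rule on the return path for every ipvsadm real-server entry, with the internal clients inside the MASQ rule's -d zone) can be checked mechanically. The following is an added example written for this thread, not code from LVS, ipvsadm or ipchains: it parses constructed ipvsadm and ipchains lines (VIP 10.0.0.1, real servers 192.168.10.5, 192.168.10.6 and 10.1.2.3, and the -s 192.168.0.0/16 -d 192.168.0.0/16 rule from the thread are sample values) and reports real servers whose replies to a given client network would hit no MASQ rule, plus rules whose -s and -d are the same network.

```python
"""Audit LVS-NAT return paths: every real server needs an ipchains MASQ rule.

Hypothetical checker written for this mailing-list thread; it is not part of
LVS, ipvsadm or ipchains.  All rules below are constructed sample input.
"""
import ipaddress
import shlex

# Constructed ipvsadm entries: VIP 10.0.0.1, three real servers.
IPVSADM_RULES = [
    "ipvsadm -a -t 10.0.0.1:telnet -r 192.168.10.5:telnet",
    "ipvsadm -a -t 10.0.0.1:80 -r 192.168.10.6:80",
    "ipvsadm -a -t 10.0.0.1:80 -r 10.1.2.3:80",
]

# Constructed ipchains rules, including the self-to-self rule from the thread.
IPCHAINS_RULES = [
    "ipchains -A forward -p tcp -j MASQ -s 192.168.10.5 telnet -d 0.0.0.0/0",
    "ipchains -A forward -p tcp -j MASQ -s 192.168.0.0/16 -d 192.168.0.0/16",
]

# Minimal service-name table so the page's 'telnet' spelling parses offline.
SERVICE_PORTS = {"telnet": 23, "http": 80, "www": 80}


def _port(tok):
    """Turn a numeric port or a known service name into an int."""
    if tok in SERVICE_PORTS:
        return SERVICE_PORTS[tok]
    return int(tok)


def parse_ipvsadm(line):
    """Return (realserver_ip, port) from 'ipvsadm -a -t VIP:port -r RS:port'."""
    toks = shlex.split(line)
    host, port = toks[toks.index("-r") + 1].rsplit(":", 1)
    return host, _port(port)


def _addr_port(toks, flag):
    """Network and optional port following an ipchains -s or -d flag.

    A missing flag means 'any' (0.0.0.0/0), as ipchains treats it.
    """
    if flag not in toks:
        return ipaddress.ip_network("0.0.0.0/0"), None
    i = toks.index(flag)
    net = ipaddress.ip_network(toks[i + 1], strict=False)
    port = None
    if i + 2 < len(toks) and not toks[i + 2].startswith("-"):
        port = _port(toks[i + 2])
    return net, port


def parse_ipchains(line):
    """Describe a MASQ rule as a dict, or return None for non-MASQ rules."""
    toks = shlex.split(line)
    if "-j" not in toks or toks[toks.index("-j") + 1] != "MASQ":
        return None
    src, sport = _addr_port(toks, "-s")
    dst, dport = _addr_port(toks, "-d")
    return {"src": src, "sport": sport, "dst": dst, "dport": dport}


def missing_masq_rules(ipvs_rules, ipchains_rules, client_net):
    """(realserver, port) pairs whose replies to client_net match no MASQ rule.

    A rule covers a real server when its -s contains the server address, its
    source port is absent or equals the service port, its -d contains the whole
    client network, and it sets no destination port (client ports are ephemeral).
    """
    client = ipaddress.ip_network(client_net, strict=False)
    masq = [r for r in map(parse_ipchains, ipchains_rules) if r]
    missing = []
    for rs_ip, rs_port in map(parse_ipvsadm, ipvs_rules):
        rs = ipaddress.ip_address(rs_ip)
        covered = any(
            rs in r["src"]
            and r["sport"] in (None, rs_port)
            and client.subnet_of(r["dst"])
            and r["dport"] is None
            for r in masq
        )
        if not covered:
            missing.append((rs_ip, rs_port))
    return missing


def self_mapping_rules(ipchains_rules):
    """MASQ rules whose -s and -d are the same network (the case Joe queried)."""
    return [
        line for line in ipchains_rules
        if (r := parse_ipchains(line)) and r["src"] == r["dst"]
    ]


if __name__ == "__main__":
    for net in ("192.168.1.0/24", "172.16.5.0/24"):
        print(net, "uncovered:", missing_masq_rules(IPVSADM_RULES, IPCHAINS_RULES, net))
    print("self-mapping:", self_mapping_rules(IPCHAINS_RULES))
```

With clients in 192.168.1.0/24 only the 10.1.2.3 real server lacks a return-path rule; move the clients to 172.16.5.0/24 and the /16-to-/16 rule stops covering 192.168.10.6 as well, which is exactly the "-d zone" question raised above.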