|
On Fri, 14 Jul 2000, Horms wrote:
> > > You should take a look at
> > > http://ultramonkey.sourceforge.net/ultramonkey-1.0.1/topologies/example-lb-3-fwmark.html
> > >
> > In this example you have adresses from both the 192.168.0.0/24 and
> > 192.168.6.0/24 networks. Is this correct?
>
> Yes, in this example 192.168.6.0/24 is used for actual addressed of
> the servers on the server network: 192.128.6.1, 192.128.6.4 and
> 192.128.6.5. 192.198.0.0/24 is used for virtual addresses. I have
> just used two class C's here for no partucular reason.
OK just checking...
Here's your code
# Masquerade for 192.168.6.0/24 bound for any host
ipchains -A forward -j MASQ -s 192.168.6.0/24
outbound coming from realservers at x.x.6.0/24:anyport (not just
x.x.6.2|3:80) gets masqueraded
# Set fwmark 1 on packets for destined for virtual service addresses
ipchains -A input -d 192.168.0.0/24 -m 1
inbound from clientland destined for x.x.0.0/24:anyport gets a fwmark=1
tag
# Enable forwarding of packets destined for virtual service
addresses
ipchains -A forward -j ACCEPT -d 192.168.0.0/24
accept (ie locally for forwarding) x.x.0.0/24:anyport. The packet by this
time has a fwmark=1 tag.
(the order of these last two rules is so that the packet first gets
accepted/tagged on the input and then forwarded?)
then ipvsadm steps in at the forwarding level
ipvsadm -L -n
IP Virtual Server version 0.9.11 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
FWM 1 rr
-> 192.168.6.3:80 Masq 1 0 0
-> 192.168.6.2:80 Masq 1 0 0
anything with fwmark=1 is masqueraded to x.x.6.2|3:80.
Does this mean a telnet to x.x.0.1 will be sent to x.x.6.2|3:80?
Is there any LVS use for multiple fwmarks?
> > When you say the
> >
> > " The LVS server
> > do you mean the director?
>
> Yes. I have used the term LVS Server in lieu of director throughout the
> site as this reflected the ipvsadm man page at the time - and to this
> day to my knowledge.
I've used the term "director" after reading the description on Wensong's
webpage at least a year ago and after some discussion with him about
nomenclature to make sure names that possibly could be confused weren't
going to be used at all. I've never noticed "LVS Server" before.
If you were showing a new person a diagram of an LVS and after describing
the various machine's functions (without using their names) asked him to
point to the one(s) he thought were the "LVS server(s)" do you think 90%
of people would get it right straight off?
Joe
--
Joseph Mack mack@xxxxxxxxxxx
|
