Shawn Cannon wrote:
> I have a red hat 6.2/linux 2.2.14 system with the dummy0 and multiple
> aliased interfaces (i.e. dummy0:1, dummy0:2, etc.) configured to be hidden.
> I ran the "echo 1 > /proc/sys/net/ipv4/conf/all/hidden" and the "echo 1 >
> /proc/sys/net/ipv4/conf/dummyo/hidden" commands and at first this appeared
> to hide the dummy0 interface and all of its aliased interfaces as well.
> However I can now ping the dummy0 interface as well as the aliases from a
> separate client machine and get a response.
My advice is to check that no ICMP redirects are sent from the director (or any
machine in your setup). In fact, in my setup, no ICMP redirect is sent. This is
in the HOWTO (near to the end), and was the only problem I had running my LVS-DR
on RH 6.2.
You can turn the feature off by adding this to your /etc/sysctl.conf (doing it
on all your machines is safe)
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.ethX.send_redirects (change ethX to match your setup)
the restart your network.
I've constated that sometimes, ethX interface still send ICMP redirects after
doing this. To eliminate the problem, I've also added this to my
/etc/rc.d/rc.local:
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/ethX/send_redirects
And the problem was solved. Good luck.
--
$A=~s/$A/++$A/e (enfin A+ quoi...)
Franck GUILLOIS
|