Now that Horms fixed ldirectord to work with fwmark, I've made an
observation and I want to see if my concern is valid.
The cool thing about using fwmark for me is the fact that you can do
something like this:

    -A input -s 0.0.0.0/0.0.0.0 -d 10.2.9.5/255.255.255.255 80:80 -p 6 -m 1
    -A input -s 0.0.0.0/0.0.0.0 -d 10.2.9.5/255.255.255.255 443:443 -p 6 -m 1
    -A input -s 0.0.0.0/0.0.0.0 -d 10.2.9.5/255.255.255.255 21:21 -p 6 -m 1

I can associate a bunch of different but specific ports to a single fwmark
and then this allows me to place a single rule in ipvsadm:

    ipvsadm -A -f 1 10.2.9.5:0
    ipvsadm -a -f 1 -r 10.2.9.10:0
    ipvsadm -a -f 1 -r 10.2.9.11:0

    IP Virtual Server version 0.9.15 (size=8192)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port      Forward Weight ActiveConn InActConn
    FWM  1 wlc
      -> 10.2.9.11:0             Route   1      0          0
      -> 10.2.9.10:0             Route   1      0          0

So this is great, 'cause if I have ftp, https, http all associated with
fwmark 1 for a group of services that will definitely be balanced across
all real servers, then this to me makes things real simple. One rule, three
different services, clean and nice.
But the problem with this is that ldirectord then seems to get
confused. Something like this in my config:

    virtual=1
        real=10.2.9.10:0 gate
        real=10.2.9.11:0 gate
        fallback=127.0.0.1:80
        service=none
        scheduler=rr
        #persistent=600
        protocol=fwm
        checktype=connect

just causes ldirectord to fail and use the fallback server and I'm
assuming this is because the port 0 is used as the reference as to what
port to use to connect and test.
So, is there any way around this?
Using something like real=10.2.9.10:80 makes it work fine of course, but
won't this screw up my ability to fwmark multiple ports?
Thanks
-jeremy
eholes.org * jeremy@xxxxxxxxxx
-----------------------------------------
eholes have feelings too...
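
Added example, not part of the original post and not ldirectord code: the ports behind a fwmark exist only in the firewall rules, so one way to health-check the group is to read them from those rules and connect-test each one on every real server. The rule format and addresses come from the post; the function names and the "every marked port must accept" policy are assumptions.

```python
import re
import socket
from collections import defaultdict

# Rules copied from the post: destination, port range, -p protocol, -m mark.
RULES = """\
-A input -s 0.0.0.0/0.0.0.0 -d 10.2.9.5/255.255.255.255 80:80 -p 6 -m 1
-A input -s 0.0.0.0/0.0.0.0 -d 10.2.9.5/255.255.255.255 443:443 -p 6 -m 1
-A input -s 0.0.0.0/0.0.0.0 -d 10.2.9.5/255.255.255.255 21:21 -p 6 -m 1
"""

RULE_RE = re.compile(
    r"-d\s+[\d.]+/[\d.]+\s+(?P<lo>\d+):(?P<hi>\d+)\s+-p\s+(?P<proto>\d+)\s+-m\s+(?P<mark>\d+)"
)

def ports_by_mark(rules):
    """Map each fwmark to the sorted list of TCP ports its rules mark."""
    marks = defaultdict(set)
    for line in rules.splitlines():
        m = RULE_RE.search(line)
        if not m or m["proto"] != "6":  # 6 = TCP; a connect check only fits TCP
            continue
        marks[int(m["mark"])].update(range(int(m["lo"]), int(m["hi"]) + 1))
    return {mark: sorted(ports) for mark, ports in marks.items()}

def tcp_connect(host, port, timeout=2.0):
    """Plain connect check: True if the TCP handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_group(real_servers, ports, probe=tcp_connect):
    """Return {host: [ports that failed]}; an empty list means healthy.

    Assumed policy: a real server stays in the pool only if every port
    carried by the fwmark accepts a connection.
    """
    return {h: [p for p in ports if not probe(h, p)] for h in real_servers}

if __name__ == "__main__":
    group_ports = ports_by_mark(RULES)[1]
    for host, failed in check_group(["10.2.9.10", "10.2.9.11"], group_ports).items():
        print(host, "OK" if not failed else f"FAILED ports {failed}")
```
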