|
Joseph Mack wrote:
>
> On Tue, 10 Oct 2000, joern maier wrote:
>
> > sorry for posting again, but this time my questions are simple:
>
> part of how LVS works is fiddling the ipchains rules behind your back. If
> you have a VS-DR director, ipchains -L will give output even though you
> haven't explicitely run ipchains to set up LVS. Your problem with both
> your question below and the CBQ question comes from the interaction
> between the changes in the routing tables made by ipvsadm and ipchains,
> both of which will be stepping on each others feet.
>
> > I didn´t find anything on the man page of ipchains.
>
> LVS uses ipchains, but ipchains doesn't neccessarily know what LVS has
> done with the routing. Wensong (LVS) and Rusty (ipchains) know each other
> and are working to merge their code which will resolve these problems.
>
> I don't know the solution to your immediate problem.
>
> Joe
> --
> Joseph Mack mack@xxxxxxxxxxx
after running the configuration script (rc.lvs_dr) and using ipchains -L
...
there is no rule in any of the three basic chains (input, output,
forward)
policy is set to accept in all of them.
Actually all I wanted to do is mark an incoming packet so that I can put
it
into a CBQ chain and therefore restrict traffic from the outside to my
webservers. Any rule in the output or forward change is simply
disregarded
i.e. does not bring any results. So I was wondering if ipchains only
listens
to eth0 and does not mind about eth0:110 and how I could make it
listening
to it. My routing table looks like this:
the route table:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
lb.mynetwork.or * 255.255.255.255 UH 0 0 0
eth0
192.168.10.0 * 255.255.255.0 U 0 0 0
eth0
default gw.mynetwork.or 0.0.0.0 UG 0 0 0
eth0
lb.mynetwork.org = 192.168.10.17 (VIP) and 192.168.10.1 (IP)
any ideas ?
thanks,
Joern
>
lvs
|
