> >                                  internet
> >                                     |
> >                   64.204.99.1 (network providers router)
> >                                     |
> >                                   switch
> >                                     |
> >   real server 1              lvs machine              real server 2
> >   RIP (10.100.50.247)        RIP (64.204.99.249)      RIP (10.100.50.246)
> >   lo:0 (64.204.99.240)       VIP (64.204.99.240)      lo:0 (64.204.99.240)
> >   default gw 64.204.99.1                              default gw 64.204.99.1
> >   static arp entry                                    static arp entry
> >   for the router,                                     for the router,
> >   64.204.99.1                                         64.204.99.1
> >
> > What I thought would be possible is to set up a route or some type of rule
> > that says if traffic originates from 10.100.50.0/24, instead of using the
> > default gw, 64.204.99.1, go through 64.204.99.249 and be masqueraded, but
> > at the same time if traffic originates from elsewhere and gets passed
> > from the LVS machine's VIP, then use the default gw and use DR instead.
> >
> > So I could masq and use DR for important traffic all at the same time.
> Additional settings for your setup:
>
> Settings for the real server(s):
>
> ip rule add prio 100 from 10.100.50.0/24 table 100
> ip route add table 100 0/0 via 10.100.50.249 dev eth0
i don't seem to have a man page for "ip". is there one anywhere? or
documentation in the kernel sources or something?
> For the director:
>
> You have to teach your LVS box 64.204.99.249 to
> listen on 10.100.50.249 and to stop the ICMP redirects:
>
> ifconfig eth0:1 10.100.50.249 netmask 255.255.255.0
>
> echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
> echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
>
> ipchains -A forward -s 10.100.50.0/24 -j MASQ
can you perhaps explain how those icmp redirects come into play? i'm not
sure i fully understand this.
i may need to do something like this as well, only maybe with a separate
machine for masquerading, as opposed to the lvs director. but the real
server advanced routing would at least still apply.
-tcl.
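
Added example, not part of the thread: a small Python model of the policy-routing lookup that the quoted `ip rule` / `ip route` settings create on a real server, showing which gateway is picked for each source address. The client address 198.51.100.7, the connected-subnet entry in the main table and the omission of the local table are assumptions of the model.

```python
import ipaddress

# Simplified model of Linux policy routing on real server 1.
# Rules are tried in priority order; inside a table the longest
# matching prefix wins. Addresses come from the thread.
RULES = [  # (priority, source selector, table)
    (100, "10.100.50.0/24", "100"),   # ip rule add prio 100 from 10.100.50.0/24 table 100
    (32766, "0.0.0.0/0", "main"),     # built-in rule pointing at the main table
]
TABLES = {
    "100": [("0.0.0.0/0", "10.100.50.249")],  # ip route add table 100 0/0 via 10.100.50.249
    "main": [
        ("10.100.50.0/24", None),             # connected RIP subnet (assumed), on-link
        ("0.0.0.0/0", "64.204.99.1"),         # default gw from the diagram
    ],
}


def lookup(src, dst):
    """Return (table, gateway) for a packet leaving with source src.

    A gateway of None means the destination is reached on-link.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(RULES):
        if src_ip not in ipaddress.ip_network(selector):
            continue  # rule does not apply to this source
        matches = [(ipaddress.ip_network(p), gw) for p, gw in TABLES[table]
                   if dst_ip in ipaddress.ip_network(p)]
        if matches:
            _net, gw = max(matches, key=lambda m: m[0].prefixlen)
            return table, gw
        # no route in this table: fall through to the next rule
    return None, None


if __name__ == "__main__":
    client = "198.51.100.7"  # constructed client address
    for src, dst, what in [
        ("10.100.50.247", client, "RIP-sourced traffic (to be masqueraded)"),
        ("64.204.99.240", client, "DR reply sourced from the VIP"),
        ("10.100.50.247", "10.100.50.246", "RIP to RIP"),
    ]:
        print(f"{what}: {src} -> {dst} uses {lookup(src, dst)}")
```

In this model RIP-to-RIP traffic is also sent via 10.100.50.249, because table 100 holds only a default route; a route for 10.100.50.0/24 in table 100 would keep it on-link.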