I'm confused as to how Direct Server Return works when using IPCHAINS on the
real servers like this:
ipchains -A input -j REDIRECT 80 -d virtu.a.l.IP 80 -p tcp
I see how this allows the VIP to be redirected to the local port on a server
that isn't configured with the address of the VIP... But then when the reply
goes directly to the browser, the source IP is going to be ???. Does the
application track the incoming destination address (VIP) and build the reply
packet using that IP as the source IP even though there is no interface with
that IP on the box?
I currently have DSR working in a closed environment using IPCHAINS on the
real servers, but I just don't understand why it is working...
If someone knows the answer I'd really appreciate a quick note.
Thanks,
Curtis