|
Hello,
On Thu, 24 May 2001, Joseph Mack wrote:
> Roberto Nibali wrote:
>
> > If you're dealing with netfilter, packets don't travel through all chains
> > anymore.
> >
> > packets coming from outside to the LVS do:
> >
> > PRE_ROUTING -> LOCAL_IN(LVS in) -> POST_ROUTING
out->in:
NAT:
INPUT -> input routing -> local: LVS/DEMASQ -> input routing -> forwarding ->
OUTPUT
DR/TUN:
INPUT -> input routing -> local: LVS -> output routing -> OUTPUT
> > packets leaving the LVS travel:
> >
> > PRE_ROUTING -> FORWARD(LVS out) -> POST_ROUTING
in->out:
NAT only:
INPUT -> input routing -> FORWARD (-j MASQ) -> LVS/MASQ -> OUTPUT
> how does it go with a 2.2 director?
INPUT in 2.2 is similar as PRE_ROUTING in 2.4, i.e. INPUT,
OUTPUT and FORWARD are the 2.2 firewall chains
input routing: ip_route_input()
output routing: ip_route_output()
forwarding: ip_forward()
local: ip_local_deliver()
> Joe
>
>
> --
> Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
> contractor to the National Environmental Supercomputer Center,
> mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
Regards
--
Julian Anastasov <ja@xxxxxx>
|
