James O'Kane wrote:
> I had a problem last night
> that I tracked down to a rule in my FORWARD chain that was a little too
> strict.
Here's the relevant part from a posting by Roberto Nibali on 21 May this year
when I asked about FORWARDING with iptables.
Joe
------------------------------------
>
> I see packets only in the INPUT and OUTPUT chains, but not in FORWARD or
> in lvs_rules chains. Have I done something wrong?
Hmm, what does the ruleset look like? If you're dealing with netfilter,
packets don't travel through all chains anymore. Julian once wrote
something about it:
packets coming from outside to the LVS do:
PRE_ROUTING -> LOCAL_IN(LVS in) -> POST_ROUTING
packets leaving the LVS travel:
PRE_ROUTING -> FORWARD(LVS out) -> POST_ROUTING
From the iptables howto:
COMPATIBILITY WITH IPCHAINS
This iptables is very similar to ipchains by Rusty Russell.
The main difference is that the chains INPUT and
OUTPUT are only traversed for packets coming into the
local host and originating from the local host respectively.
Hence every packet only passes through one of the
three chains; previously a forwarded packet would pass
through all three.
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
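
Added example, not part of the original thread: one way to see which filter chain LVS traffic actually traverses is to insert counting-only rules (no -j target, so the packet's fate is unchanged) and read the per-chain counters. The function name, the VIP 192.0.2.10 and the ports are constructed for illustration; the commands are only printed, and piping the output to sh as root applies them.

```shell
#!/bin/sh
# Added example: print iptables commands that add (or delete) counting-only
# rules in INPUT, FORWARD and OUTPUT for one virtual service.
# A rule without -j never changes what happens to a packet; it only
# increments its packet/byte counters.
#
# usage: lvs_count_rules add|del VIP VPORT RPORT
#   VIP   - virtual IP clients connect to (constructed sample: 192.0.2.10)
#   VPORT - virtual service port
#   RPORT - port the realservers answer from (assumption: LVS-NAT setup)
lvs_count_rules() {
    action=$1 vip=$2 vport=$3 rport=$4

    case $action in
        add) op="-I" ;;   # insert at the top so earlier rules cannot hide it
        del) op="-D" ;;   # remove the same rule specification again
        *)   echo "usage: lvs_count_rules add|del VIP VPORT RPORT" >&2
             return 2 ;;
    esac

    # The output is meant to be fed to a root shell, so refuse anything
    # that is not a plain dotted address or a plain number.
    case $vip in ''|*[!0-9.]*) echo "bad VIP" >&2; return 2 ;; esac
    case $vport in ''|*[!0-9]*) echo "bad VPORT" >&2; return 2 ;; esac
    case $rport in ''|*[!0-9]*) echo "bad RPORT" >&2; return 2 ;; esac

    for chain in INPUT FORWARD OUTPUT; do
        # client -> VIP direction ("LVS in")
        echo "iptables $op $chain -p tcp -d $vip --dport $vport"
        # realserver -> client direction ("LVS out"), matched on source port
        echo "iptables $op $chain -p tcp --sport $rport"
    done
}

# After applying the "add" rules and sending test traffic, read the counters:
#   iptables -L INPUT -v -n -x ; iptables -L FORWARD -v -n -x
# With the traversal quoted in the thread, the --dport rule should count in
# INPUT (LOCAL_IN, LVS in) and the --sport rule in FORWARD (LVS out).
```

A FORWARD rule that is too strict shows up here as a rising counter on the counting rule while replies never reach the client.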