Thanks for the very fast response.
> > martian problem. I then read about fwmark. As I understand it, fwmark
> > promises to work around the martian problem and provide greater flexibility
> > when grouping services. So I configured LVS for fwmark and got stuck. A
>
> This is not true. fwmark can be used for two (known) purposes:
>
> - as a routing key (if you use it in your ip rules)
>
> - as a higher-layer key (if you use it in your ipvs rules, for example)
>
> You can't avoid the source spoofing checks by using fwmarks
> or at least I don't know of such a trick.
I got the idea that I could do this from the HOWTO, in fact it explicitly
says the following:
"9.9 fwmark allows LVS-DR director to be default gw for realservers
--> If a LVS-DR director is accepting packets by fwmarks, then it does not
have a VIP. <-- The director can then be the default gw for the realservers
(see LVS-DR director is default gw for realservers)."
I don't want to whine about the HOWTO. In fact, I found the
HOWTO to be an excellent source of information. Thank you very much,
Joseph.
This section confused me because it implies a connection between fwmarks and
the local delivery requirement. But I know now that fwmarks still require the
packet to be delivered locally. The VIP can be removed with or without fwmarks.
> You can route traffic to gateways. This is the way your packets
> hit the other end of the world. The routers forward the traffic for
> addresses that are not local. Every box can receive packets for non-local
> addresses. Then there are many methods to treat this traffic as locally
> destined: ipchains -j REDIRECT, ip route add table XXX local 0/0 dev lo,
> etc.
The ip route did the trick. Thank you. I had tried something similar before
but missed the "local." Oh, so close! :-)
Thanks again for the quick response and the help! All is right in my world
now.
Jake Garver