Hello,
On Thu, 16 Aug 2001, Tao Zhao wrote:
> Why do you need ipchains for masquerading? I think LVS (director) will do
> this automatically because it tracks all incoming connections, changes
> the dest according to scheduling decisions, and changes the src addr when
> replies go through the director. Correct me if I am wrong.
No way. You are right :) An ipchains rule is needed in 2.4
only for non-LVS traffic, e.g. for a simple ping. LVS listens on the
FORWARD chain and can feed itself with the NAT replies. In 2.2 it is
done from the ipchains code.
> -Tao
>
> On 16 Aug 2001, Kjetil Torgrim Homme wrote:
>
> > I'm using Red Hat's stock kernel from 7.1, and use ipvsadm from
> > Powertools 7.1.
> >
> > The LVS is set up like this:
> >
> > ipvsadm -A -t lvs:http -s rr
> > ipvsadm -a -t lvs:http -r rs1:80 -m -w 1
> > ipvsadm -a -t lvs:http -r rs2:80 -m -w 1
> >
> > The director has two network interfaces, one public and one private.
> > The two real servers are connected to a hub in the private net. There
> > are no firewall rules. The masquerading is set up using ipchains.
> >
> > ipchains -A forward -j MASQ -s 10.218.128.0/24 -d 0.0.0.0/0
Regards
--
Julian Anastasov <ja@xxxxxx>