
RE: Protecting from SYN floods and other asshole people.

To: "'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Protecting from SYN floods and other asshole people.
From: Peter Mueller <pmueller@xxxxxxxxxxxx>
Date: Fri, 31 Aug 2001 12:38:42 -0700
> I have a LVS cluster up and running directing SMTP, POP3, IMAP to 3 real
> servers using direct route. The 'ipvsadm -l -c -n' command shows >2k
> connections from one IP address in ESTABLISHED state. When one times
> another one gets created. It always seems to hover around 2200
> connections. The real servs are not working too hard on it because
> tcpserver is rejecting connections (I think). Can I put an iptables
> entry on the director to block the offending Class C? Or, does LVS happen
> before the iptable stuff?

I believe the ipchains/iptables are required to function before any other
applications such as LVS, so definitely all firewall rules should apply
first.
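
Before blocking a whole Class C, it helps to see how the `ipvsadm -l -c -n` connection table breaks down per source network. The following is an added example, not part of the original thread: the function names, the threshold, and the sample table (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Summarise `ipvsadm -l -c -n` output by source /24 (IPv4 only).
# Reads the connection table on stdin and prints "count network/24",
# busiest first, for every /24 with at least $1 entries in state $2.
top_sources() {
    threshold=${1:-100}
    state=${2:-ESTABLISHED}
    awk -v min="$threshold" -v want="$state" '
        # Data rows: pro expire state source virtual destination
        NF >= 6 && $3 == want {
            split($4, hp, ":")                       # source is addr:port
            if (split(hp[1], o, "[.]") != 4) next    # skip non-IPv4 rows
            count[o[1] "." o[2] "." o[3] ".0/24"]++
        }
        END {
            for (net in count)
                if (count[net] >= min)
                    printf "%d %s\n", count[net], net
        }
    ' | sort -rn
}

# Constructed sample in the layout printed by `ipvsadm -l -c -n`.
sample_table() {
cat <<'EOF'
IPVS connection entries
pro expire state       source             virtual            destination
TCP 14:52  ESTABLISHED 198.51.100.7:40112 192.0.2.10:25      10.0.0.11:25
TCP 14:50  ESTABLISHED 198.51.100.7:40113 192.0.2.10:25      10.0.0.12:25
TCP 14:49  ESTABLISHED 198.51.100.9:51200 192.0.2.10:110     10.0.0.13:110
TCP 14:47  ESTABLISHED 198.51.100.200:3301 192.0.2.10:143    10.0.0.11:143
TCP 01:12  FIN_WAIT    198.51.100.7:40001 192.0.2.10:25      10.0.0.12:25
TCP 14:59  ESTABLISHED 203.0.113.5:60000  192.0.2.10:25      10.0.0.13:25
TCP 00:40  TIME_WAIT   203.0.113.5:60001  192.0.2.10:25      10.0.0.11:25
EOF
}

# On a director: ipvsadm -l -c -n | top_sources 500
sample_table | top_sources 3
```
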

